The setPrediction function in the ScoreBoard contract allows any user to manipulate other players' predictions for matches.
The function lacks access control, allowing any user to set predictions for any other user.
This can be exploited by malicious users to manipulate other players' predictions.
Consequence: Malicious users can set or alter the predictions of other players, undermining the integrity of the betting system. This can lead to disputes and loss of trust among participants, potentially causing reputational damage to the organizer.
Manual review
setPrediction has no access control and allows manipulation of players' predictions.
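The missing check and one way to add it, as an added example that is not the audited contract's code. Only the names ScoreBoard and setPrediction come from the finding; the parameters, the Result enum, the storage layout and the authorizedCaller role are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch, not the audited ScoreBoard source.
contract ScoreBoardSketch {
    // Assumed outcome type for a match prediction.
    enum Result { Pending, First, Draw, Second }

    address public immutable owner;
    // Assumed role: a single contract allowed to record predictions on a player's behalf.
    address public authorizedCaller;

    // player => match number => predicted result (assumed layout)
    mapping(address => mapping(uint256 => Result)) public predictions;

    error Unauthorized();

    constructor() {
        owner = msg.sender;
    }

    function setAuthorizedCaller(address caller) external {
        if (msg.sender != owner) revert Unauthorized();
        authorizedCaller = caller;
    }

    // Before: the pattern the finding describes. `player` is caller-supplied and
    // msg.sender is never checked, so any account can write any player's entry.
    function setPredictionUnchecked(address player, uint256 matchNumber, Result result) external {
        predictions[player][matchNumber] = result;
    }

    // After: the write is accepted only from the player concerned or from the
    // one authorized contract; every other caller reverts.
    function setPrediction(address player, uint256 matchNumber, Result result) external {
        if (msg.sender != player && msg.sender != authorizedCaller) revert Unauthorized();
        predictions[player][matchNumber] = result;
    }
}
```

A regression test for the fix should call setPrediction from a third account with another player's address and assert that the call reverts and the stored prediction is unchanged.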