First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Prediction deadline Error

cryptedoji

Summary

START_TIME + matchNumber * 68400 - 68400 is used to set prediction deadline in the setPrediction and makePrediction functions. This actually sets prediction deadline to a PREMATURE time for all matches except the 1st match. the 1st match deadline is set forward to the START_TIME. This prevents players from placing their bets even when it's not 19:00UTC (which is the deadline) on the matchDay

Vulnerability Details

Based on the formular START_TIME + matchNumber * 68400 - 68400, below is the deadline of the first 4 matches, which are all wrong deadlines;

  • proposed dealine is the Protocol corect time

  • Dapp deadline is the wrong deadline calculated by the contract

NB: we assume matchNumber ranges from 1-9

Proposed deadline Dapp deadline
match-1 15-08-2024 19:00:00 UTC (1723748400) 15-08-2024 20:00:00 UTC (1723957200)
match-2 16-08-2024 19:00:00 UTC (1723834800) 16-08-2024 15:00:00 UTC (1723820400)
match-3 17-08-2024 19:00:00 UTC (1723921200) 17-08-2024 10:00:00 UTC (1723888800)
match-4 18-08-2024 19:00:00 UTC (1723921200) 18-08-2024 05:00:00 UTC (1723888800)

Impact

  • low predictionFee generated for the protocol

  • poor user experience leading to low predictions

Tools Used

Recommendations

A more viable formular to use in the makePrediction and setPrediction is START_TIME + numOfdays days - 3600 where numOfdays = matchNumber - 1. below is the implementation in makePrediction function . the same changes should be made in setPrediction;

function makePrediction(
uint256 matchNumber,
ScoreBoard.Result prediction
) public payable {
if (msg.value != predictionFee) {
revert ThePredicter__IncorrectPredictionFee();
}
- if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {
revert ThePredicter__PredictionsAreClosed();
}
scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);
scoreBoard.setPrediction(msg.sender, matchNumber, prediction);
}
function setPrediction(
address player,
uint256 matchNumber,
Result result
) public {
- if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)
playersPredictions[player].predictions[matchNumber] = result;
playersPredictions[player].predictionsCount = 0;
for (uint256 i = 0; i < NUM_MATCHES; ++i) {
if (
playersPredictions[player].predictions[i] != Result.Pending &&
playersPredictions[player].isPaid[i]
) ++playersPredictions[player].predictionsCount;
}
}
function makePrediction(
uint256 matchNumber,
ScoreBoard.Result prediction
) public payable {
if (msg.value != predictionFee) {
revert ThePredicter__IncorrectPredictionFee();
}
+ uint8 numOfdays = matchNumber - 1; //we assume matchNumber begins from 1-9
+ if (block.timestamp > START_TIME + numOfdays days - 3600) {
revert ThePredicter__PredictionsAreClosed();
}
scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);
scoreBoard.setPrediction(msg.sender, matchNumber, prediction);
}
function setPrediction(
address player,
uint256 matchNumber,
Result result
) public {
+ uint8 numOfdays = matchNumber - 1; //we assume matchNumber begins from 1-9
+ if (block.timestamp <= START_TIME + numOfdays days - 3600)
playersPredictions[player].predictions[matchNumber] = result;
playersPredictions[player].predictionsCount = 0;
for (uint256 i = 0; i < NUM_MATCHES; ++i) {
if (
playersPredictions[player].predictions[i] != Result.Pending &&
playersPredictions[player].isPaid[i]
) ++playersPredictions[player].predictionsCount;
}
}
Updates

Lead Judging Commences

NightHawK Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.