Summary

The scoreBoard::setPrediction function contains a flawed time calculation that always results in zero, potentially allowing predictions to be set at any time, regardless of intended restrictions.

Vulnerability Details

In the setPrediction function, there's a commented-out calculation:

This calculation simplifies to:

However, the actual implementation results in:

This means the time check is always comparing block.timestamp to START_TIME, regardless of the matchNumber.

Impact

The vulnerability allows users to set predictions before the start time so Users cant set prediction.

Tools Used

Manual Code Review

Recommendations

Correct the time calculation to properly account for the matchNumber:

• Consider adding a constant for the time interval (68400 seconds) to improve readability and maintainability:

  uint256 constant MATCH_INTERVAL = 68400;

  if (block.timestamp <= START_TIME + matchNumber * MATCH_INTERVAL - 18000)