First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Incorrect Time Calculation in scoreBoard::setPrediction Function Leading to Zero Result

chaossr

Summary

The scoreBoard::setPrediction function contains a flawed time calculation that always results in zero, potentially allowing predictions to be set at any time, regardless of intended restrictions.

Vulnerability Details

In the setPrediction function, there's a commented-out calculation:

// matchNumber * (68400 - 68400)

This calculation simplifies to:

matchNumber * 0 = 0

However, the actual implementation results in:

if (block.timestamp <= START_TIME + 0)

This means the time check is always comparing block.timestamp to START_TIME, regardless of the matchNumber.

Impact

The vulnerability allows users to set predictions before the start time so Users cant set prediction.

Tools Used

Manual Code Review

Recommendations

Correct the time calculation to properly account for the matchNumber:

if (block.timestamp <= START_TIME + matchNumber * 68400 - 18000)

  • Consider adding a constant for the time interval (68400 seconds) to improve readability and maintainability:

    uint256 constant MATCH_INTERVAL = 68400;
    if (block.timestamp <= START_TIME + matchNumber * MATCH_INTERVAL - 18000)
Updates

Lead Judging Commences

NightHawK Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!