Severity: medium
Valid

Incorrect order of mathematical operations in the scoreBoard::setPrediction function leads to unintended time calculations

Summary

The scoreBoard::setPrediction function contains a mathematical expression with an incorrect order of operations, leading to unintended time calculations that could affect the function's behavior.

Vulnerability Details

In the setPrediction function, there's the following time check:

if (block.timestamp <= START_TIME + matchNumber * 68400 - 18000)

However, the intended calculation should subtract 18000 before multiplying by the match number.
Let's say matchNumber = 1; the expression as written then evaluates as:

START_TIME + (1 * 68400) - 18000
START_TIME + 68400 - 18000
START_TIME + 50400

Impact

This vulnerability could lead to incorrect time calculations, potentially allowing predictions to be set at unintended times. Depending on the value of matchNumber, the time window for setting predictions could be significantly different from what was intended, compromising the fairness and integrity of the prediction system.

Tools Used
Manual code review

Recommendations
Add parentheses to ensure the correct order of operations:

if (block.timestamp <= START_TIME + matchNumber * ( 68400 - 18000 ))

This ensures that one interval is subtracted before multiplying by the match number.
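
An added Foundry test, not code from the contest repository or from the submitter, comparing the cutoff from the check as written with the cutoff from the recommended form across several match numbers. START_TIME here is a constructed placeholder and the helper names are hypothetical; only the two expressions are taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added illustration; does not import or call the contest's contracts.
contract PredictionCutoffComparisonTest is Test {
    // Constructed placeholder: the page does not state the real START_TIME.
    uint256 internal constant START_TIME = 1_700_000_000;

    // Cutoff exactly as written in the quoted setPrediction check.
    function cutoffAsWritten(uint256 matchNumber) internal pure returns (uint256) {
        return START_TIME + matchNumber * 68400 - 18000;
    }

    // Cutoff with the parentheses proposed under Recommendations.
    function cutoffRecommended(uint256 matchNumber) internal pure returns (uint256) {
        return START_TIME + matchNumber * (68400 - 18000);
    }

    // Same comparison shape as the quoted check: timestamp <= cutoff.
    function accepts(uint256 ts, uint256 cutoff) internal pure returns (bool) {
        return ts <= cutoff;
    }

    // For matchNumber = 1 both forms give START_TIME + 50400.
    function test_cutoffsCoincideForMatchOne() public {
        assertEq(cutoffAsWritten(1), START_TIME + 50400);
        assertEq(cutoffRecommended(1), START_TIME + 50400);
    }

    // From matchNumber = 2 on, the forms differ by (n - 1) * 18000 seconds.
    // The upper bound 9 is an arbitrary constructed range.
    function test_gapGrowsWithMatchNumber() public {
        for (uint256 n = 2; n <= 9; n++) {
            uint256 gap = cutoffAsWritten(n) - cutoffRecommended(n);
            assertEq(gap, (n - 1) * 18000);
        }
    }

    // A timestamp one second past the recommended cutoff for match 3
    // still passes the check as written.
    function test_timestampAcceptedByOneFormOnly() public {
        uint256 ts = cutoffRecommended(3) + 1;
        assertTrue(accepts(ts, cutoffAsWritten(3)));
        assertFalse(accepts(ts, cutoffRecommended(3)));
    }
}
```

Placed in a Foundry project's test directory, this runs with `forge test`; the gap between the two cutoffs is what the Impact section refers to when it says the window depends on matchNumber.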

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.
