First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Report on isEligibleForReward Function Issues and Improvements

vikthetilted

Summary

The isEligibleForReward function in the ScoreBoard contract determines if a player is eligible to receive a reward from the prize pool. However, it has a vulnerability due to an incorrect condition for eligibility, which contradicts the stated rules.

Vulnerability Details

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ScoreBoard.sol#L94-L98

function isEligibleForReward(address player) public view returns (bool) {
// total number of points is a positive number and if they had paid at least one prediction fee.
// player here need to have 2 predictions to be eligible
return
results[NUM_MATCHES - 1] != Result.Pending &&
playersPredictions[player].predictionsCount > 1;
}

Issues Identified

  1. Incorrect Eligibility Condition:

    • The function checks if predictionsCount is greater than 1, which requires players to have made at least 2 predictions to be eligible.

    • This contradicts the stated rule that players need to have paid at least one prediction fee and have a positive number of points.

Impact

Players who have made only one valid prediction and have a positive score may be unfairly excluded from receiving rewards. This can lead to player dissatisfaction and disputes, undermining the fairness and credibility of the tournament.

Tools Used

Manual review

Recommendations

The check playersPredictions[player].predictionsCount > 1 should be playersPredictions[player].predictionsCount > 0.

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

The eligibility criteria is wrong

Players with only one prediction cannot withdraw.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.