Submission Details
Severity: low
Invalid

Lack of Match Number Validation in setPrediction Function

Summary

The setPrediction function does not validate the matchNumber, allowing potential submission of invalid match numbers. This can lead to incorrect predictions being recorded.

Vulnerability Details

Improper Validation of matchNumber: The function lacks a check to ensure matchNumber is within a valid range. This could result in incorrect or unintended predictions being set for non-existent matches.

Impact

Logical Errors: Allowing matchNumber to be greater than 9 can result in predictions being stored in unintended indices of the predictions array, potentially leading to incorrect game outcomes or corrupted data.

Tools Used

Manual Code Review

Recommendations

Add Match Number Validation: Ensure that matchNumber is within the valid range before proceeding with setting the prediction. For example, if the valid range is 0-9:

function setPrediction(address player, uint256 matchNumber, Result result) public {
    require(matchNumber <= 9, "Invalid match number"); // Add this line for validation
    if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400) {
        playersPredictions[player].predictions[matchNumber] = result;
        playersPredictions[player].predictionsCount = 0;
        // Recount the predictions that are both set and paid for
        for (uint256 i = 0; i < NUM_MATCHES; ++i) {
            if (
                playersPredictions[player].predictions[i] != Result.Pending &&
                playersPredictions[player].isPaid[i]
            ) ++playersPredictions[player].predictionsCount;
        }
    }
}
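
An added example (not the audited contract's code) showing what an out-of-range matchNumber does under Solidity 0.8 checked indexing, with and without an explicit check, and how a mapping-backed store differs. It assumes predictions is a fixed-size array of NUM_MATCHES = 10 entries to match the 0-9 range above; the contract names, the non-Pending Result members and the mapping variant are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: a minimal stand-in, not the audited contract.
contract PredictionStore {
    enum Result { Pending, First, Draw, Second } // members other than Pending are assumed
    uint256 public constant NUM_MATCHES = 10; // assumed: matches the 0-9 range above
    error InvalidMatchNumber(uint256 matchNumber);

    struct PlayerPredictions { Result[NUM_MATCHES] predictions; } // assumed fixed-size array
    mapping(address => PlayerPredictions) internal playersPredictions;
    mapping(address => mapping(uint256 => Result)) public byKey; // mapping-backed variant

    // No explicit check: the compiler's bounds check is the only guard.
    function setUnchecked(uint256 matchNumber, Result result) external {
        playersPredictions[msg.sender].predictions[matchNumber] = result;
    }

    // Explicit check: still a revert, but with a descriptive error.
    function setChecked(uint256 matchNumber, Result result) external {
        if (matchNumber >= NUM_MATCHES) revert InvalidMatchNumber(matchNumber);
        playersPredictions[msg.sender].predictions[matchNumber] = result;
    }

    // Mappings have no bounds: without a check, any key is written.
    function setByKey(uint256 matchNumber, Result result) external {
        byKey[msg.sender][matchNumber] = result;
    }
}

contract PredictionStoreCheck {
    PredictionStore private store = new PredictionStore();

    // Returns true when all three behaviours are observed.
    function run() external returns (bool) {
        store.setUnchecked(9, PredictionStore.Result.Draw); // last valid index
        try store.setUnchecked(10, PredictionStore.Result.Draw) { return false; }
        catch Panic(uint256 code) { if (code != 0x32) return false; } // 0x32: index out of bounds
        try store.setChecked(10, PredictionStore.Result.Draw) { return false; }
        catch (bytes memory data) {
            if (bytes4(data) != PredictionStore.InvalidMatchNumber.selector) return false;
        }
        store.setByKey(1000, PredictionStore.Result.Draw); // accepted silently
        return store.byKey(address(this), 1000) == PredictionStore.Result.Draw;
    }
}
```

Under these assumptions the array-backed store rejects index 10 either way, so the explicit check changes only the error reported; in the mapping-backed variant the check is the only thing that stops an arbitrary key from being written.
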
Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
