First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Incorrect Timestamp Check in `makePrediction` function

bbash

Summary

There is incorrect timestamp check in the makePrediction function in the ThePredicter.sol

Vulnerability Details

According to the docs: Every day from 20:00:00 UTC one match is played. Until 19:00:00 UTC on the day of the match, predictions can be made by any approved Player.
According to the requirements, predictions can be made by any approved player until 19:00:00 UTC on the day of the match. However, the current timestamp check does not adhere to this requirement.
The issue is at:
https://github.com/Cyfrin/2024-07-the-predicter/blob/main/src/ThePredicter.sol#L93

function makePrediction(

uint256 matchNumber,

ScoreBoard.Result prediction

) public payable {

if (msg.value != predictionFee) {

revert ThePredicter__IncorrectPredictionFee();

}

if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) { //@audit incorrect check

revert ThePredicter__PredictionsAreClosed();

}

scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);

scoreBoard.setPrediction(msg.sender, matchNumber, prediction);

}

POC:

START_TIME: 1723752000: Thu Aug 15 2024 20:00:00 GMT+0000 (8 PM)

For 1st match i.e., matchNumber= 0:
1723752000 + 0*68400-68400=1723683600 (Thu Aug 15 2024 01:00:00 GMT+0000) (1 AM)
This is 19 hours before the first match .

For 2nd match i.e., matchNumber= 1:
1723752000 + 1*68400-68400=1723752000 (Thu Aug 15 2024 20:00:00 GMT+0000) (8 PM)
This is 24 hours before the 2nd match starts.

Similarly for every match the timestamp check is incorrect.

Impact

This issue restricts players from submitting predictions at the correct eligible time, potentially impacting the fairness and integrity of the game.

Tools Used

Manual Review

Recommendations

Here is the correct timestamp check:

// Corrected timestamp check

if (block.timestamp > START_TIME + matchNumber * 86400 - 3600) {

revert ThePredicter__PredictionsAreClosed();

}

The corrected check ensures that predictions close one hour before the match starts, maintaining the integrity and fairness of the prediction process.

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.