[L-2] Inconsistent Reward Value for Silver Coin and Gold Coin
Summary
The value assigned to the "Silver Coin" reward in the openBox function is inconsistent with its initial value in the constructor, leading to potential discrepancies in user expectations and actual rewards.
Vulnerability Details
In the constructor, the "Silver Coin" is initialized with a value of 0.25 ether. In the openBox function, the "Silver Coin" is assigned a value of 0.5 ether. This inconsistency can lead to confusion and incorrect reward distribution.
Impact
Users may receive a different value than expected when opening a box, leading to potential disputes or dissatisfaction.
Steps to Exploit
A user opens a mystery box expecting a "Silver Coin" valued at
0.25 ether.The user receives a "Silver Coin" with a value of
0.5 etherinstead, causing a discrepancy in the contract's balance.
Tools Used
Manual Review
Recommendations
Ensure consistency in reward values by aligning the value of the "Silver Coin" in the openBox function with its initialization value in the constructor.
Appeal created
The rewards in constructor are different from the rewards in openBox
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.