Mystery Box

First Flight #25

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

H-2 Overlapping Reward Tier Vulnerability in `openBox()` Function leads to incorrect reward assignment.

whizz1

Summary

An issue was identified at the openBox() function where the reward tiers were overlapping, specifically between the Bronze and Silver rewards. This overlap causes unpredictable behavior in determining the correct reward for certain random values, leading to potential inconsistencies.

Vulnerability Details

The logic used to determine the rewards based on a random number generated between 0 and 99 had overlapping conditions for the Bronze and Silver tiers:

Bronze Coin: Expected range was 75-94.
Silver Coin: Expected range was 95-98.
However, the condition for Silver Coin (randomValue < 99) could have included values that were already part of the Coal & Bronze Coin tier, leading to incorrect assignment of rewards.

Impact

Incorrect Reward Assignment: Users expecting a reward within the Bronze or Silver range may have received the wrong reward due to the overlap.

Tools Used

Manual Review and Unit tests

Recommendations

To resolve the issue, the conditions for each reward tier at the openBox function must be adjusted so that they are mutually exclusive.
Specifically:

Bronze Coin: Adjust the range to randomValue >= 75 && randomValue < 95.
Silver Coin: Adjust the range to randomValue >= 95 && randomValue < 99.
This ensures that all random values fall into distinct reward categories, preventing overlaps and ensuring correct reward assignment.

At the openBox function, replace the code with this:

function openBox() public {

require(boxesOwned[msg.sender] > 0, "No boxes to open");

// Generate a random number between 0 and 99

uint256 randomValue = uint256(

keccak256(abi.encodePacked(block.timestamp, msg.sender))

) % 100;

// Determine the reward based on probability

if (randomValue < 75) {

// 75% chance to get Coal (0-74)

rewardsOwned[msg.sender].push(Reward("Coal", 0 ether));

- } else if (randomValue < 95)

+ } else if (randomValue >= 75 && randomValue < 95) {

// 20% chance to get Bronze Coin (75-94)

rewardsOwned[msg.sender].push(Reward("Bronze Coin", 0.1 ether));

- else if (randomValue < 99) {

+ } else if (randomValue >= 95 && randomValue < 99) {

// 4% chance to get Silver Coin (95-98)

rewardsOwned[msg.sender].push(Reward("Silver Coin", 0.5 ether));

} else {

// 1% chance to get Gold Coin (99)

rewardsOwned[msg.sender].push(Reward("Gold Coin", 1 ether));

}

// Decrease the number of boxes owned by the sender

boxesOwned[msg.sender] -= 1;

}

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!