Mystery Box

First Flight #25
Beginner Friendly | Foundry
100 EXP
Submission Details
Severity: low
Valid

Inconsistent use of Reward Values

Summary

The reward values initialized in the contract constructor differ from those used during contract execution. This inconsistency can lead to confusion among users, financial discrepancies, and unintended reward distributions.

Vulnerability Details

In the contract, reward values are initialized within the constructor by pushing entries into the rewardPool array. However, those values are not what the rest of the contract uses: the openBox function hard-codes its own reward amounts, so the rewards actually distributed do not match the rewards declared at deployment.
For instance, the contract initializes reward values in the constructor as follows:

```solidity
constructor() payable {
    owner = msg.sender;
    boxPrice = 0.1 ether;
    require(msg.value >= SEEDVALUE, "Incorrect ETH sent");
    // Initialize with some default rewards
    rewardPool.push(Reward("Gold Coin", 0.5 ether));   // <-- value referenced in this finding
    rewardPool.push(Reward("Silver Coin", 0.25 ether)); // <-- value referenced in this finding
    rewardPool.push(Reward("Bronze Coin", 0.1 ether));
    rewardPool.push(Reward("Coal", 0 ether));
}
```

However, when distributing rewards in the openBox function, the values used differ:

```solidity
function openBox() public {
    require(boxesOwned[msg.sender] > 0, "No boxes to open");
    // Generate a random number between 0 and 99
    uint256 randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;
    // Determine the reward based on probability
    if (randomValue < 75) {
        // 75% chance to get Coal (0-74)
        rewardsOwned[msg.sender].push(Reward("Coal", 0 ether));
    } else if (randomValue < 95) {
        // 20% chance to get Bronze Coin (75-94)
        rewardsOwned[msg.sender].push(Reward("Bronze Coin", 0.1 ether));
    } else if (randomValue < 99) {
        // 4% chance to get Silver Coin (95-98)
        rewardsOwned[msg.sender].push(Reward("Silver Coin", 0.5 ether)); // <-- differs from constructor (0.25 ether)
    } else {
        // 1% chance to get Gold Coin (99)
        rewardsOwned[msg.sender].push(Reward("Gold Coin", 1 ether));     // <-- differs from constructor (0.5 ether)
    }
    boxesOwned[msg.sender] -= 1;
}
```

The key inconsistency is between the initialized values (0.5 ether for Gold Coin and 0.25 ether for Silver Coin) and the values actually distributed (1 ether and 0.5 ether, respectively).

Impact

If the rewards are higher than intended, the contract could unintentionally favor users, resulting in more value being distributed than the contract was designed to handle. Conversely, if lower rewards are distributed, users may feel they are being shortchanged.

Tools Used

Manual Review

Recommendations

The reward values initialized in the constructor should match the values distributed in the openBox function and any other parts of the contract where rewards are issued. Consistent use ensures that users receive exactly what is outlined during contract deployment.
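One way to apply this recommendation is to make rewardPool the single source of truth and have openBox look rewards up by index instead of repeating literals. The contract below is an added illustration written for this finding, not the MysteryBox project's own code: the Reward field names (name, value), the buyBox function, and the index constants are assumptions; the SEEDVALUE check from the original constructor is omitted because its definition is not shown here. The probability bands are kept exactly as in the original openBox, only the reward lookup changes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code: every reward that can be distributed
// comes from rewardPool, so the amounts set in the constructor cannot drift
// from the amounts handed out in openBox.
contract MysteryBoxConsistentRewards {
    // Field names are an assumption; the finding only shows Reward("<name>", <amount>).
    struct Reward {
        string name;
        uint256 value;
    }

    // Indices into rewardPool, fixed by the constructor's push order.
    uint256 private constant GOLD = 0;
    uint256 private constant SILVER = 1;
    uint256 private constant BRONZE = 2;
    uint256 private constant COAL = 3;

    address public owner;
    uint256 public boxPrice;
    Reward[] public rewardPool;
    mapping(address => uint256) public boxesOwned;
    mapping(address => Reward[]) public rewardsOwned;

    constructor() payable {
        owner = msg.sender;
        boxPrice = 0.1 ether;
        // The only place reward amounts are written. Order must match the index constants.
        rewardPool.push(Reward("Gold Coin", 0.5 ether));
        rewardPool.push(Reward("Silver Coin", 0.25 ether));
        rewardPool.push(Reward("Bronze Coin", 0.1 ether));
        rewardPool.push(Reward("Coal", 0 ether));
        require(rewardPool.length == 4, "Unexpected pool size");
    }

    // Assumed purchase path so openBox can be exercised; not shown in the finding.
    function buyBox() public payable {
        require(msg.value == boxPrice, "Incorrect ETH sent");
        boxesOwned[msg.sender] += 1;
    }

    function openBox() public {
        require(boxesOwned[msg.sender] > 0, "No boxes to open");
        // Selection logic unchanged from the original snippet; only the lookup differs.
        uint256 randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;

        uint256 idx;
        if (randomValue < 75) {
            idx = COAL;    // 75% chance (0-74)
        } else if (randomValue < 95) {
            idx = BRONZE;  // 20% chance (75-94)
        } else if (randomValue < 99) {
            idx = SILVER;  // 4% chance (95-98)
        } else {
            idx = GOLD;    // 1% chance (99)
        }

        boxesOwned[msg.sender] -= 1;
        // Copy the pool entry; the distributed amount is by construction the constructor's amount.
        Reward memory chosen = rewardPool[idx];
        rewardsOwned[msg.sender].push(chosen);
    }

    // Helper for tests and auditors: total number of rewards a user has received.
    function rewardsCount(address user) external view returns (uint256) {
        return rewardsOwned[user].length;
    }
}
```

With this structure a Foundry invariant test only needs to assert that every entry in rewardsOwned equals, by name and value, some entry in rewardPool; since openBox can no longer introduce a literal of its own, a change to the constructor's amounts propagates everywhere automatically.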

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

The rewards in constructor are different from the rewards in openBox
