One Shot: Reloaded

First Flight #48
Beginner Friendly, NFT
100 EXP
Submission Details
Severity: medium
Valid

An attacker can script the battle to always win against defenders.

Root + Impact

Description

In `rap_battle`, users can put their rappers on stage by calling `go_on_stage_or_battle`. The flow has two steps:

  • When the stage is empty, someone places their rapper with an arbitrary bet amount. This rapper is called the "defender".

  • When the stage has a defender, another user can place their rapper by matching the defender's bet. This rapper is known as the "challenger".

Once the challenger enters the stage, the winner is decided immediately, in the same transaction. Because the function is `public entry`, it can be called from a script in which a malicious challenger reverts the transaction whenever they do not win the battle, giving them an unfair advantage.
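The effect of atomic rollback on the battle outcome can be seen in a small model. This is an added example, not code from the submission or the audited project: the `Chain` ledger, the starting balances, the 10-unit bet and the 50/50 winner draw are all assumptions made for illustration.

```python
import random

class Abort(Exception):
    """Models a Move abort: the whole transaction is rolled back."""

class Chain:
    """Toy ledger plus the rap_battle stage (constructed model, not project code)."""
    def __init__(self, seed):
        self.rng = random.Random(seed)   # assumed 50/50 stand-in for the winner draw
        self.balances = {"defender": 1000, "challenger": 1000}
        self.stage = None                # (defender, bet) while a defender waits

    def go_on_stage_or_battle(self, who, bet):
        if self.stage is None:           # step 1: defender escrows an arbitrary bet
            self.balances[who] -= bet
            self.stage = (who, bet)
            return None
        defender, stake = self.stage     # step 2: challenger must match the bet
        if bet != stake:
            raise Abort("bet does not match")
        self.balances[who] -= bet
        winner = who if self.rng.random() < 0.5 else defender
        self.balances[winner] += 2 * stake   # decided in the same transaction
        self.stage = None
        return winner

    def run_tx(self, fn):
        """Run fn atomically: an Abort restores the pre-transaction state."""
        snapshot = (dict(self.balances), self.stage)
        try:
            fn()
            return True
        except Abort:
            self.balances, self.stage = snapshot
            return False

def challenge(chain, bet, abort_on_loss):
    """abort_on_loss=True is the wrapper that `public` visibility allows."""
    winner = chain.go_on_stage_or_battle("challenger", bet)
    if abort_on_loss and winner != "challenger":
        raise Abort("challenger lost")

def simulate(battles, public_entry, seed=7):
    """Final balances after `battles` committed battles with a 10-unit bet."""
    chain = Chain(seed)
    for _ in range(battles):
        chain.run_tx(lambda: chain.go_on_stage_or_battle("defender", 10))
        while chain.stage is not None:   # repeat until a challenger tx commits
            chain.run_tx(lambda: challenge(chain, 10, abort_on_loss=public_entry))
    return chain.balances
```

With `public_entry=True` every committed battle is a challenger win, so the defender's balance only ever decreases; with `public_entry=False` the direct call's result stands and the balances follow the draw.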

Risk

Likelihood:

Easy to perform: a challenger using a correct script would never lose.

Impact:

The challenger would always win the battle.

Recommended Mitigation

Remove the public visibility from the function. This way, an attacker cannot script the transaction to revert if they don't win the battle.

- public entry fun go_on_stage_or_battle(
+ entry fun go_on_stage_or_battle(
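Review bot: the `+` line, `entry fun go_on_stage_or_battle(`, needs a short comment above it stating that the function is deliberately not `public`, because the outcome is settled inside this call and any caller able to wrap it can abort on a loss; without that note a later refactor could restore `public`. Also confirm that nothing else in the package calls this function from another module, since such a call stops compiling once `public` is dropped.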
Updates

Lead Judging Commences

bube Lead Judge 22 days ago
Submission Judgement Published
Invalidated
Reason: Design choice

Appeal created

strapontin Submitter 22 days ago
bube Lead Judge 21 days ago
bube Lead Judge 20 days ago
Submission Judgement Published
Validated
Assigned finding tags:

`rap_battle::go_on_stage_or_battle` function should not be public
