BriVault

First Flight #52
Beginner FriendlySolidity
Submission Details
Impact: medium
Likelihood: medium
Invalid

Timestamp Boundary Issue in joinEvent()

Root + Impact

joinEvent() does not reject joins made at the event start time: its start-time check uses a strict comparison, so anyone can still join at exactly eventStartDate.
Users who join at eventStartDate may already have early knowledge of the match.

Description

  • Users should not be able to join once the event starts.

  • The check uses > instead of >=, which allows joins at exactly eventStartDate.

function joinEvent(uint256 countryId) public {
    // ...
    if (block.timestamp > eventStartDate) { // @> Should be >=
        revert eventStarted();
    }
    // ...
}

Risk

Likelihood:

  • Users can join at the exact eventStartDate timestamp.

  • Practical with an automated bot, although the timing window is small (a single block).

Impact:

  • Users who join with early knowledge of the match gain an unfair advantage.

  • This allows gaming the prediction market and creates front-running opportunities.

Proof of Concept

Assume the event starts at block timestamp 1000. Honest users deposit and join before the event starts, but an attacker can join at the very moment the event starts by submitting the transaction in the block whose timestamp equals eventStartDate.

// eventStartDate = 1000
// Event starts, early results known
// block.timestamp = 1000
user.joinEvent(winningCountry);
// Check: 1000 > 1000? NO - passes
// User joins with insider knowledge!

Recommended Mitigation

Changing the check from > to >= closes the gap: nobody can join at the start time either.

function joinEvent(uint256 countryId) public {
    if (stakedAsset[msg.sender] == 0) {
        revert noDeposit();
    }
    if (countryId >= teams.length) {
        revert invalidCountry();
    }
-   if (block.timestamp > eventStartDate) {
+   if (block.timestamp >= eventStartDate) {
        revert eventStarted();
    }
    // ... rest of function
}
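The boundary behaviour described in the proof of concept and the effect of the recommended mitigation can be checked with a Foundry test. The following is an added example, not BriVault's code: it uses a minimal stand-in contract (JoinWindow, an assumed name) that reproduces only the deposit gate, the country check and the start-time check, with a constructor flag selecting the original strict comparison or the hardened one. The contract's state variable names, the one-ether deposit and the start timestamp of 1000 are assumptions chosen to mirror the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Stand-in for the vault's join logic (assumed shape; not BriVault's own contract).
contract JoinWindow {
    error eventStarted();
    error noDeposit();
    error invalidCountry();

    uint256 public immutable eventStartDate;
    uint256 public immutable teamCount;
    // true  -> hardened check (block.timestamp >= eventStartDate reverts)
    // false -> original check  (block.timestamp >  eventStartDate reverts)
    bool internal immutable inclusiveBoundary;

    mapping(address => uint256) public stakedAsset;
    mapping(address => uint256) public pick;

    constructor(uint256 _eventStartDate, uint256 _teamCount, bool _inclusiveBoundary) {
        eventStartDate = _eventStartDate;
        teamCount = _teamCount;
        inclusiveBoundary = _inclusiveBoundary;
    }

    function deposit() external payable {
        stakedAsset[msg.sender] += msg.value;
    }

    function joinEvent(uint256 countryId) public {
        if (stakedAsset[msg.sender] == 0) revert noDeposit();
        if (countryId >= teamCount) revert invalidCountry();
        bool started = inclusiveBoundary
            ? block.timestamp >= eventStartDate
            : block.timestamp > eventStartDate;
        if (started) revert eventStarted();
        pick[msg.sender] = countryId;
    }
}

contract JoinWindowTest is Test {
    uint256 constant START = 1000; // constructed value, matches the report's PoC
    address user = makeAddr("user");

    // Deploys a vault with the chosen comparison and funds one user deposit.
    function _deploy(bool inclusive) internal returns (JoinWindow v) {
        v = new JoinWindow(START, 3, inclusive);
        vm.deal(user, 1 ether);
        vm.prank(user);
        v.deposit{value: 1 ether}();
    }

    // Original check: at block.timestamp == eventStartDate, 1000 > 1000 is false,
    // so the join is accepted even though the event has started.
    function test_OriginalCheckAllowsJoinAtExactStart() public {
        JoinWindow v = _deploy(false);
        vm.warp(START);
        vm.prank(user);
        v.joinEvent(1);
        assertEq(v.pick(user), 1);
    }

    // Hardened check: the same block now reverts with eventStarted().
    function test_HardenedCheckRevertsAtExactStart() public {
        JoinWindow v = _deploy(true);
        vm.warp(START);
        vm.prank(user);
        vm.expectRevert(JoinWindow.eventStarted.selector);
        v.joinEvent(1);
    }

    // Hardened check must not break legitimate joins one second before the start.
    function test_HardenedCheckStillAllowsJoinBeforeStart() public {
        JoinWindow v = _deploy(true);
        vm.warp(START - 1);
        vm.prank(user);
        v.joinEvent(2);
        assertEq(v.pick(user), 2);
    }
}
```

Run it with forge test in a Foundry project that has forge-std installed. The third test is the one worth keeping around after applying the fix: an off-by-one in the other direction (for example comparing against eventStartDate - 1) would reject the last valid block, and this test catches that.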
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Design choice
