BriVault

First Flight #52
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: medium
Invalid

Duplicate Entries Can Lead to Unfair Winnings

Root + Impact

Description

  • The admin queues teams in the country/team array, users (players) select the country of their choice, the admin selects a winning country by its id (index), and winners claim rewards.

  • The issue is that there are no checks to prevent duplicate entries when countries are added to the team array. An admin can mistakenly add a duplicate entry, and since there is no function to change it, the duplicate persists. Users place their bets by id, so if the country set as the winner is a duplicate, users who chose the duplicate id (the wrong id) can still share the winnings.


Risk

Likelihood:

  • When the admin adds a duplicate country to the team array

Impact:

  • Disproportional/unfair distribution of shares to participants

Proof of Concept

Recommended Mitigation

- remove this code
+ mapping(string => bool) private teamNameExists;
for (uint i = 0; i < _newTeams.length; i++) {
string memory teamName = _newTeams[i];
// Check 1: Ensure the name isn't already used in this list
if (teamNameExists[teamName]) {
// Revert with the name that caused the issue
revert DuplicateTeamName(teamName);
}
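Review bot: inside the loop, teamNameExists[teamName] is read in the if condition but never written, so as shown the revert can never fire; add teamNameExists[teamName] = true; after the if block. The for loop is also left without its closing brace, DuplicateTeamName needs an error declaration, and the "- remove this code" line does not name the code it replaces.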
A mapping should be introduced to track whether a team has already been added to the array, along with a check that reverts if it has.
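One way to implement the check described above, as an added example that is not part of the submission or of BriVault's code. The contract, its function names, the set-once rule and the match-by-id winner check are assumptions made for illustration; only the teamNameExists and DuplicateTeamName names come from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example (hypothetical contract, not BriVault's code).
contract TeamRegistryExample {
    error DuplicateTeamName(string name);
    error TeamsAlreadySet();
    error InvalidTeamId(uint256 id);

    address public immutable admin;
    string[] public teams;
    mapping(string => bool) private teamNameExists; // name already queued?
    mapping(address => uint256) public pickOf;
    mapping(address => bool) public hasPicked;
    uint256 public winnerId;
    bool public winnerSet;

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }
    constructor() { admin = msg.sender; }

    // Reverts on the first repeated name, so every id maps to a distinct team.
    function setTeams(string[] calldata newTeams) external onlyAdmin {
        if (teams.length != 0) revert TeamsAlreadySet();
        for (uint256 i = 0; i < newTeams.length; i++) {
            if (teamNameExists[newTeams[i]]) revert DuplicateTeamName(newTeams[i]);
            teamNameExists[newTeams[i]] = true; // without this write the check never fires
            teams.push(newTeams[i]);
        }
    }

    function pick(uint256 id) external {
        if (id >= teams.length) revert InvalidTeamId(id);
        pickOf[msg.sender] = id;
        hasPicked[msg.sender] = true;
    }

    function setWinner(uint256 id) external onlyAdmin {
        if (id >= teams.length) revert InvalidTeamId(id);
        winnerId = id;
        winnerSet = true;
    }

    // Winners are matched on the picked id, not on the team name.
    function isWinner(address user) external view returns (bool) {
        return winnerSet && hasPicked[user] && pickOf[user] == winnerId;
    }
}
```

The mapping compares names byte for byte, so "Brazil" and "brazil" count as different teams unless names are normalised before the check.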
Updates

Appeal created

bube Lead Judge 21 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
