BriVault

First Flight #52
Beginner Friendly · Solidity
100 EXP
Submission Details
Severity: high
Valid

Reentrancy to inflate Total Shares and Participants

Ability to Manipulate the Total Participants

Description

  • There's no check to ensure that the user hasn't already joined the event, so a single address can register any number of times.

function joinEvent(uint256 countryId) public {
    if (stakedAsset[msg.sender] == 0) {
        revert noDeposit();
    }
    // Ensure countryId is a valid index in the `teams` array
    if (countryId >= teams.length) {
        revert invalidCountry();
    }
    if (block.timestamp > eventStartDate) {
        revert eventStarted();
    }
    userToCountry[msg.sender] = teams[countryId];
    uint256 participantShares = balanceOf(msg.sender);
    // NOTE: This is not reentrancy, as the value just gets overridden
    userSharesToCountry[msg.sender][countryId] = participantShares;
    // BUG: Even though we can't increase our own shares, we can join as many times as we want
    usersAddress.push(msg.sender);
    // BUG: ...and inflate numberOfParticipants and totalParticipantShares on every call
    numberOfParticipants++;
    totalParticipantShares += participantShares;
    emit joinedEvent(msg.sender, countryId);
}

Risk

Likelihood:

  • By calling the joinEvent method repeatedly, a malicious actor can falsely inflate the recorded total of participant shares and the number of participants, since both counters are incremented on every call.

Impact:

  • A bad actor could significantly reduce the payout of those who predicted correctly.

Proof of Concept

Recommended Mitigation

+ Store the players in a map and include a boolean flag to signify that the player has already joined; revert in joinEvent if the flag is set. Then clear the map at the beginning of the next round.
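As an added illustration of this mitigation (example code, not BriVault's own), the sketch below adds the missing flag check to joinEvent. It goes slightly beyond the text by keying the flag on a round counter, so starting a new round invalidates every flag without a clearing loop; the names `round`, `hasJoined`, `shares` and `startNewRound` are assumptions, and access control on `startNewRound` is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal sketch of the fix: one registration per address per round.
/// Assumed names (not from BriVault): round, hasJoined, shares, startNewRound.
contract JoinOnce {
    error alreadyJoined();
    error noDeposit();
    error invalidCountry();
    error eventStarted();

    event joinedEvent(address indexed user, uint256 countryId);

    string[] public teams;
    uint256 public eventStartDate;
    uint256 public round; // current round id; bumping it resets all flags

    mapping(address => uint256) public stakedAsset; // stand-in for the deposit record
    mapping(address => uint256) public shares;      // stand-in for balanceOf()
    // round => user => joined. Keyed by round so no per-user clearing is needed.
    mapping(uint256 => mapping(address => bool)) public hasJoined;

    address[] public usersAddress;
    uint256 public numberOfParticipants;
    uint256 public totalParticipantShares;

    function joinEvent(uint256 countryId) public {
        if (stakedAsset[msg.sender] == 0) revert noDeposit();
        if (countryId >= teams.length) revert invalidCountry();
        if (block.timestamp > eventStartDate) revert eventStarted();
        // The missing check: a second call from the same address in this round reverts,
        // so usersAddress, numberOfParticipants and totalParticipantShares grow once per user.
        if (hasJoined[round][msg.sender]) revert alreadyJoined();
        hasJoined[round][msg.sender] = true;

        uint256 participantShares = shares[msg.sender];
        usersAddress.push(msg.sender);
        numberOfParticipants++;
        totalParticipantShares += participantShares;
        emit joinedEvent(msg.sender, countryId);
    }

    /// Starting a new round invalidates every hasJoined flag in O(1).
    function startNewRound(uint256 newStartDate) public {
        // access control omitted here; should be owner-only in a real contract
        round++;
        eventStartDate = newStartDate;
        delete usersAddress;
        numberOfParticipants = 0;
        totalParticipantShares = 0;
    }
}
```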
Updates

Appeal created

bube Lead Judge 21 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Duplicate registration through `joinEvent`
