Closed c4-bot-7 closed 6 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #136
HickupHH3 marked the issue as unsatisfactory: Invalid
HickupHH3 marked the issue as unsatisfactory: Invalid
HickupHH3 changed the severity to 2 (Med Risk)
Lines of code
https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/RankedBattle.sol#L334-L338 https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/RankedBattle.sol#L416-L500
Vulnerability details
Impact
Look at actions RankedBattle::updateBattleRecord and RankedBattle::_addResultPoints
The impact of this issue are
Attack scenario ( 3rd impact from above)
The 1st and 2nd scenario is possible like a flashloan attack,
Proof of Concept
-Now paste the below POC into test/RankedBattle.t.sol and run
forge t --mt test_POC_updateBattleRecord -vvvv
Tools Used
Manual + Foundry testing
Recommended Mitigation Steps
amountStaked[tokenId]
state when battles.Assessed type
DoS