Back to AgileJune's contests

AI Arena - AgileJune's results

In AI Arena you train an AI character to battle in a platform fighting game. Imagine a cross between Pokémon and Super Smash Bros, but the characters are AIs, and you can train them to learn almost any skill in preparation for battle.

General Information

Platform: Code4rena

Start Date: 09/02/2024

Pot Size: $60,500 USDC

Total HM: 17

Participants: 283

Period: 12 days

Judge:

Id: 328

League: ETH

AI Arena

Findings Distribution

Researcher Performance

Rank: 235/283

Findings: 1

Award: $1.12

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAI Arena

Findings Information

🌟 Selected for report: haxatron

Also found by: 0xAlix2, 0xCiphky, 0xStriker, 0xaghas, 0xbranded, 0xlamide, 0xmystery, 0xvj, 14si2o_Flint, Aamir, AgileJune, Aymen0909, DanielArmstrong, DarkTower, Draiakoo, EagleSecurity, Giorgio, Krace, KupiaSec, MidgarAudits, MrPotatoMagic, PoeAudits, Ryonen, SpicyMeatball, Topmark, Tychai0s, VAD37, Varun_05, VrONTg, WoolCentaur, _eperezok, alexxander, alexzoid, aslanbek, blutorque, btk, cartlex_, d3e4, devblixt, evmboi32, fnanni, immeas, jesjupyter, juancito, ke1caM, klau5, ktg, lil_eth, merlinboii, nuthan2x, peter, petro_1912, pkqs90, pynschon, radin100, sandy, sashik_eth, shaka, sl1, soliditywala, t0x1c, ubl4nk, visualbits, vnavascues

Awards

1.1225 USDC - $1.12

Labels

bug
3 (High Risk)
satisfactory
sufficient quality report
:robot:_77_group
duplicate-45

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L470 https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L370 https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L484

Vulnerability details

Impact

FighterFarm.sol::reRoll(), _createNewFighter() will be failed if generation[fighterType] > 0. It means user can't create Fighter at next generation.

Proof of Concept

numElements is set only once with constructor, and no other implementation anywhere.

reRoll(), _createNewFighter() should call _createFighterBase() inside of it. BTW, _createFighterBase() always reverts, because numElements[generation[fighterType]] is always 0 with generation[fighterType] > 0 and it's modded by zero (dna % numElements[generation[fighterType]])

    function _createFighterBase(
        uint256 dna, 
        uint8 fighterType
    ) 
        private 
        view 
        returns (uint256, uint256, uint256) 
    {
@=>     uint256 element = dna % numElements[generation[fighterType]];
        uint256 weight = dna % 31 + 65;
        uint256 newDna = fighterType == 0 ? dna : uint256(fighterType);
        return (element, weight, newDna);
    }

Tools Used

Manual Review

needs to add setNumElements() to set numElements with generations

Assessed type

Math

#0 - c4-pre-sort

2024-02-22T18:57:16Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2024-02-22T18:57:29Z

raymondfam marked the issue as duplicate of #45

#2 - c4-judge

2024-03-08T03:16:35Z

HickupHH3 marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter