Scoreplay

Code Audit

A decentralized on‑chain prediction market protocol.

Audit Report

Severity Issues

  • Critical
  • High: 1
  • Informational: 4
  • Medium: 2
  • Low: 2

Audit Period: 0.8 person weeks

Report

Introduction

Scoreplay is a decentralized prediction market built on Basecamp and Sophon, enabling users to place secure, transparent bets on a wide range of sports events. The protocol leverages smart contracts to ensure trustless payouts and fair play, granting bettors full control over their funds and wagers.

Why Did They Need an Audit?

Scoreplay needed an audit to verify the robustness and reliability of their betting mechanisms, particularly given the high financial stakes involved in prediction markets. The audit aimed to identify vulnerabilities that could compromise user funds, manipulate outcomes, or cause economic inconsistencies within the protocol.

Scope of the Engagement

  • File Audited: EnhancedPredictionMarket.sol
  • Engagement: 2 auditors - 0.8 person weeks
  • Chain: Basecamp, Sophon

Key Objectives:

  • Detect vulnerabilities in prediction market logic and ensure fair outcome resolution.
  • Identify risks related to frontrunning and inconsistent fee calculations.
  • Ensure safe handling of ERC20 tokens and proper refund mechanisms.
  • Review gas efficiency, particularly regarding large data sets and user interaction history.

Audit Date: 2025-04-03

Language: Solidity

Type: Code Audit

Results and Findings

Key High Issue: Frontrunning Vulnerability in Condition Resolution

  • Description: The resolveCondition function could be frontrun, allowing malicious users to place bets based on mempool data before the outcome is finalized.
  • Resolution: Split the resolution logic into two distinct functions, one to block trading and another to set the outcome, mitigating the risk of frontrunning.
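
The two-step resolution described above, sketched in Solidity as an added example (not code from EnhancedPredictionMarket.sol or from the audit report). The contract name, the resolver role, native-token stakes and the later-block check are assumptions made for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch: all names are hypothetical, not from EnhancedPredictionMarket.sol.
contract TwoStepResolutionSketch {
    enum Status { Open, TradingClosed, Resolved }
    struct Condition { Status status; uint8 winningOutcome; uint64 closedAtBlock; }

    address public immutable resolver;
    mapping(uint256 => Condition) public conditions;
    // conditionId => outcome => bettor => stake (native token, an assumption)
    mapping(uint256 => mapping(uint8 => mapping(address => uint256))) public stakes;

    constructor() { resolver = msg.sender; }

    modifier onlyResolver() { require(msg.sender == resolver, "not resolver"); _; }

    // Bets are accepted only while the condition is still Open.
    function placeBet(uint256 id, uint8 outcome) external payable {
        require(conditions[id].status == Status.Open, "trading closed");
        stakes[id][outcome][msg.sender] += msg.value;
    }

    // Step 1: block trading. The calldata carries no outcome, so observing this
    // transaction in the mempool tells a bettor nothing about the result.
    function closeTrading(uint256 id) external onlyResolver {
        Condition storage c = conditions[id];
        require(c.status == Status.Open, "not open");
        c.status = Status.TradingClosed;
        c.closedAtBlock = uint64(block.number);
    }

    // Step 2: set the outcome. Requiring a later block than the close (an added
    // assumption) keeps the two calls from being bundled into one block; the
    // resolver should broadcast this only after closeTrading has confirmed.
    function setOutcome(uint256 id, uint8 outcome) external onlyResolver {
        Condition storage c = conditions[id];
        require(c.status == Status.TradingClosed, "close trading first");
        require(block.number > c.closedAtBlock, "same block as close");
        c.winningOutcome = outcome;
        c.status = Status.Resolved;
    }
}
```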

Notable Medium-Severity Issues:

  • Global House Fee Modification: Adjusting the house fee impacted existing bets, leading to inconsistent payouts.
  • Fund Locking Issue: In cases where all bets are on the losing outcome, funds remained locked without a reimbursement mechanism.

In conclusion

Three Sigma's audit of Scoreplay highlighted critical areas related to fair outcome resolution, fee consistency, and fund handling. By addressing the identified vulnerabilities, Scoreplay now ensures secure and transparent prediction markets. These improvements bolster user trust and the protocol's reliability in handling decentralized betting.
