TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Potential Transfer Failure in endGame Function

Summary

The endGame function attempts to transfer 2 ether to the player if they win but does not check the balance before doing it.

Vulnerability Details

The endGame function of the TwentyOne contract attempts to transfer 2 ether to the player if they win the game. However, if the contract does not have enough ether to cover the transfer, the transaction will revert, causing all previous state changes in the function to be undone.

Impact

  • Game State Inconsistency: The failure to transfer funds and subsequent reversion could result in the game state not being cleared as intended.

  • User Experience: Players might experience failed transactions and unexpected behavior, leading to a poor user experience.

  • Security Concerns: Repeated attempts to call the endGame function without sufficient funds can lead to denial-of-service scenarios where legitimate game operations are interrupted.

Tools Used

Manual Review

Recommendations

Check the balance before transferring funds.

    if (playerWon) {
        require(address(this).balance >= 2 ether, "Not enough funds in contract");
        payable(player).transfer(2 ether); // Transfer the prize to the player
        emit FeeWithdrawn(player, 2 ether); // Emit the prize withdrawal event
    }

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insufficient balance for payouts / Lack of Contract Balance Check Before Starting Game
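
The balance check named in the finding tag, applied when the game starts so that every accepted game already has its payout funded. This is an added example, not the TwentyOne contract or the submitter's code; the contract name, STAKE, PRIZE, reserved, _playerWon and PrizePaid are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch, not the TwentyOne contract. STAKE, PRIZE, reserved and
// _playerWon are assumed names; PRIZE mirrors the 2 ether payout in the finding.
abstract contract FundedPrizeGame {
    uint256 public constant STAKE = 1 ether;
    uint256 public constant PRIZE = 2 ether;

    uint256 public reserved; // ether already promised to games in progress
    mapping(address => bool) public inGame;

    event PrizePaid(address indexed player, uint256 amount);

    // Lets the house fund the bankroll.
    receive() external payable {}

    // The game's own win/lose rule, out of scope here.
    function _playerWon(address player) internal view virtual returns (bool);

    function startGame() external payable {
        require(msg.value == STAKE, "stake must be 1 ether");
        require(!inGame[msg.sender], "game already running");
        // address(this).balance already includes msg.value at this point.
        // Accept the game only if every open game, this one included,
        // can be paid in full.
        require(address(this).balance >= reserved + PRIZE, "bankroll too low");
        reserved += PRIZE;
        inGame[msg.sender] = true;
    }

    function endGame() external {
        require(inGame[msg.sender], "no game in progress");
        bool won = _playerWon(msg.sender);
        // Clear state and release the reservation before any ether moves.
        inGame[msg.sender] = false;
        reserved -= PRIZE;
        if (won) {
            // balance >= reserved held on entry, so PRIZE is available.
            (bool ok, ) = payable(msg.sender).call{value: PRIZE}("");
            require(ok, "prize transfer failed");
            emit PrizePaid(msg.sender, PRIZE);
        }
    }
}
```

Because the reservation is taken in startGame, an underfunded contract rejects the new game up front instead of reverting at payout time.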
