Insufficient Contract Funds Prevent Reward Distribution
Summary
If the contract lacks sufficient funds or is deployed without an initial balance, it will be unable to distribute rewards to players.
Vulnerability Details
In the TwentyOne contract, when a player wins a game, the contract is required to transfer the corresponding reward to the player. However, if the contract's ETH balance is insufficient or no initial funding was provided during deployment, these reward payments will fail. Such failures will cause transactions to revert, preventing players from receiving their deserved rewards and severely impacting the fairness and playability of the game.
Impact
This issue can result in the following severe consequences:
Players are unable to claim their rightful rewards, damaging the game's credibility.
User experience is significantly degraded, potentially leading to user attrition.
Tools Used
Manual review.
Recommendations
To address this issue, implement the following measures:
Provide Initial Funding: Ensure the contract is deployed with sufficient initial funds to handle expected payouts.
Set a Minimum Balance Threshold: Add a mechanism to pause the game's functionality when the contract balance falls below a predefined threshold.
Fund Replenishment Mechanism: Allow the contract owner to top up the contract balance as needed.
Monitoring and Alerts: Implement a balance monitoring system to notify the administrator when the contract funds are running low.
These steps will help ensure the contract can always fulfill reward obligations and maintain trust and fairness for players.
Lead Judging Commences
Insufficient balance for payouts / Lack of Contract Balance Check Before Starting Game
Contract Lacks Mechanism to Initialize or Deposit Ether
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.