Submission Details
Severity:
Insufficient Initial Contract Balance to Cover Payouts
Summary: The contract lacks an explicit mechanism to ensure it starts with sufficient funds to cover potential payouts, particularly for the first game. If a player wins the initial game, the contract will revert due to an insufficient balance, potentially leading to disputes or loss of trust.
Vulnerability Details: The contract requires an entry fee of 1 ETH to start a game and promises a prize of 2 ETH for a win. However, the contract does not enforce or include a method to initialize its balance. This results in a scenario where the contract may be unable to pay the promised prize, especially during the first game or when its balance is insufficient due to prior losses.
Impact: If you are the first person to use the contract and you win, you transation will revert, that means the 1st player will lose 100% of the time.
Tools Used: Foundry, Remix
Recommendations:
Add a Constructor for Initial Funding
constructor() payable {
require(msg.value >= 10 ether, "Insufficient funding for the game.");
}
Check Contract Balance Before Starting a Game
require(address(this).balance >= 2 ether, "Contract cannot cover the prize.");
Updates
Lead Judging Commences
inallhonesty about 1 year ago
Submission Judgement Published Assigned finding tags:
Insufficient balance for payouts / Lack of Contract Balance Check Before Starting Game
Contract Lacks Mechanism to Initialize or Deposit Ether
Rewards breakdown
nSLOC
147This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.