TwentyOne

First Flight #29

Beginner FriendlyGameFiFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Insufficient Balance Check Before Game Start Can Lead to Unpaid Winnings

eierina

Summary

The TwentyOne contract does not verify if it has sufficient balance (2 ETH) to pay out potential winnings before allowing a game to start. This can result in players winning games but being unable to receive their payouts.

Vulnerability Details

No Balance Check:
- startGame() function accepts bets without verifying contract balance
- No guarantee that winning players can be paid

function startGame() public payable returns (uint256) {

require(msg.value >= 1 ether, "not enough ether sent");

// Missing check for contract.balance >= 2 ether

Impact

Players may win but not receive payouts
Contract could accept bets it cannot cover
Game integrity compromised

Tools Used

Manual Code Review

Recommendations

Add balance verification before starting games:

require(address(this).balance >= msg.value + 1 ether, "Insufficient contract balance");

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Insufficient balance for payouts / Lack of Contract Balance Check Before Starting Game

Rewards breakdown

nSLOC

147

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.