TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Lack of Funding Mechanism Prevents Contract from Maintaining Sufficient Balance for Payouts

Summary

The TwentyOne contract lacks a mechanism to fund the contract with Ether, which can lead to insufficient balance to pay out winnings. Without a way to add funds, winning players may not receive their expected payouts.

Vulnerability Details

  • No Funding Function:

    • Contract has no functions to deposit Ether into its balance

    • Current balance can only decrease as players win

    • No way to replenish funds when balance gets low

  • Failed Payouts:

    • If balance falls below 2 ETH, contract cannot pay winning players

    • No check to ensure sufficient balance before starting new games

Impact

  • Contract may be unable to pay winners

  • Players lose trust when payouts fail

  • Game becomes inoperable when funds are depleted

Tools Used

  • Manual Code Review

Recommendations

  • Add owner funding function:

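    // Owner-only deposit: the Ether sent with the call is added to the contract balance.
    // Assumes an onlyOwner modifier is defined in the contract.
    function fundContract() external payable onlyOwner {
        require(msg.value > 0, "Must send Ether");
    }
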
  • Add initial funding requirement in contract constructor

  • Consider monitoring and alerts for low balance
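
The three recommendations combined in one sketch, added here as an illustration and not taken from the TwentyOne source. STAKE, LOW_WATER, reserved, inGame, startGame and _settle are hypothetical names and values; PAYOUT mirrors the 2 ETH figure in the finding, and the card logic that would call _settle is out of scope.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added sketch, not the TwentyOne source. All names except fundContract are hypothetical.
contract FundedGameSketch {
    uint256 public constant STAKE = 1 ether;     // assumed entry stake
    uint256 public constant PAYOUT = 2 ether;    // winner payout (2 ETH per the finding)
    uint256 public constant LOW_WATER = 4 ether; // assumed alert threshold
    address public immutable owner;
    uint256 public reserved; // Ether promised to games in progress
    mapping(address => bool) public inGame;
    event LowBalance(uint256 spareBalance);

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }
    // Initial funding requirement: deployment must cover at least one payout.
    constructor() payable {
        require(msg.value >= PAYOUT, "Initial funding too low");
        owner = msg.sender;
    }

    function fundContract() external payable onlyOwner {
        require(msg.value > 0, "Must send Ether");
    }

    // Refuse a new game unless its payout can be set aside right now.
    function startGame() external payable {
        require(msg.value == STAKE, "Wrong stake");
        require(!inGame[msg.sender], "Game in progress");
        // address(this).balance already includes msg.value here.
        require(address(this).balance - reserved >= PAYOUT, "Insufficient bankroll");
        reserved += PAYOUT;
        inGame[msg.sender] = true;
        uint256 spare = address(this).balance - reserved;
        if (spare < LOW_WATER) emit LowBalance(spare); // hook for off-chain alerting
    }

    // Called by the game logic (not shown) when a round ends.
    function _settle(address player, bool playerWon) internal {
        require(inGame[player], "No game");
        inGame[player] = false;
        reserved -= PAYOUT; // release the reservation before any transfer
        if (playerWon) {
            (bool ok, ) = payable(player).call{value: PAYOUT}("");
            require(ok, "Payout failed");
        }
    }
}
```

Reserving the payout at game start means concurrent games cannot promise the same Ether twice, and the LowBalance event gives an off-chain monitor something to alert on before startGame begins reverting.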

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Contract Lacks Mechanism to Initialize or Deposit Ether
