TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
Severity: low
Invalid

Excess ETH Sent in `startGame` Function Could Be Lost

Summary

The `startGame` function requires users to send at least 1 ether to initiate a game. However, it does not handle any excess ether sent beyond this requirement, leading to potential loss of funds for users who send more than 1 ether.

Vulnerability Details

In the `startGame` function, users are required to send a minimum of 1 ether to start a game. The function checks if the sent ether is at least 1 ether but does not account for any excess ether sent.

```solidity
function startGame() public payable returns (uint256) {
    address player = msg.sender;
    // Accepts any amount of 1 ether or more; nothing below refunds or records the surplus.
    require(msg.value >= 1 ether, "not enough ether sent");
    initializeDeck(player);
    uint256 card1 = drawCard(player);
    uint256 card2 = drawCard(player);
    addCardForPlayer(player, card1);
    addCardForPlayer(player, card2);
    return playersHand(player);
}
```

Impact

If a user sends more than 1 ether, the excess ETH is effectively lost.

Tools Used

Manual Review.

Recommended Mitigation

Modify the `require` statement in the `startGame` function to ensure that users can only send exactly 1 ether. This avoids any potential loss of funds due to overpayment.

```solidity
require(msg.value == 1 ether, "send 1 ether to start the game");
```

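
An added example, not code from the TwentyOne contract or from this submission: a minimal hypothetical contract (`EntryFeeDemo`, its function names and its errors are assumptions) that places the reported `>=` check beside the recommended exact-fee check. It goes one step beyond the report by also showing a variant that accepts overpayment and refunds the surplus.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustration only; hypothetical names, not the TwentyOne contract.
contract EntryFeeDemo {
    uint256 public constant ENTRY_FEE = 1 ether;
    mapping(address => bool) public inGame;

    error WrongEntryFee(uint256 sent, uint256 required);
    error RefundFailed();

    /// Pattern from the report: any surplus above the fee stays in the contract
    /// because nothing records it or sends it back.
    function startLoose() external payable {
        require(msg.value >= ENTRY_FEE, "not enough ether sent");
        inGame[msg.sender] = true;
    }

    /// Recommended mitigation: reject anything other than the exact fee,
    /// so an overpaying call reverts and the sender keeps the ether.
    function startExact() external payable {
        if (msg.value != ENTRY_FEE) revert WrongEntryFee(msg.value, ENTRY_FEE);
        inGame[msg.sender] = true;
    }

    /// Alternative: accept overpayment and return the surplus.
    /// State is updated before the external call (checks-effects-interactions).
    function startWithRefund() external payable {
        if (msg.value < ENTRY_FEE) revert WrongEntryFee(msg.value, ENTRY_FEE);
        inGame[msg.sender] = true;
        uint256 surplus = msg.value - ENTRY_FEE;
        if (surplus > 0) {
            (bool ok, ) = payable(msg.sender).call{value: surplus}("");
            if (!ok) revert RefundFailed();
        }
    }
}
```

The exact-fee form is the simpler of the two fixes because it makes no external call; the refund form needs the state update ordered before the transfer and a revert path for senders that cannot receive ether.
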
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[INVALID] User mistake, too much ETH sent
