TwentyOne

First Flight #29
Beginner Friendly · GameFi · Foundry · Solidity
100 EXP
Submission Details
Severity: low
Invalid

Player can put more than 1 ETH.

Summary: Player can send more than 1 ETH to startGame(), but the payout stays fixed.

Vulnerability Details: The startGame() function is meant to take exactly 1 ether to initiate the game. The test below shows, however, that it does not enforce an upper bound on msg.value, so a player can deposit an arbitrary amount above 1 ether. Whatever the player deposited, the game logic in endGame always transfers a fixed 2 ether reward. The payout therefore does not scale with the player's contribution, and any excess over 1 ether is simply lost to the contract.

POC:

```solidity
function test_moreThanOneEther() public {
    vm.startPrank(player1);
    // Start a game with 10 ether instead of the intended 1 ether; this does not revert.
    twentyOne.startGame{value: 10 ether}();
    // Force the dealer's hand to 18 so the player wins and endGame pays out.
    vm.mockCall(
        address(twentyOne),
        abi.encodeWithSignature("dealersHand(address)", player1),
        abi.encode(18) // Dealer's hand total is 18
    );
    uint256 initialPlayerBalance = player1.balance;
    twentyOne.call(); // player stands; the game resolves and pays the winner
    uint256 finalPlayerBalance = player1.balance;
    // The reward is a fixed 2 ether regardless of the 10 ether deposited.
    uint256 expectedBalance = initialPlayerBalance + 2 ether;
    assertEq(
        finalPlayerBalance,
        expectedBalance,
        "Payout is not proportional to the initial bet"
    );
    vm.stopPrank();
}
```

Impact: A player who sends more than 1 ether still receives only the fixed 2 ether reward on a win. The player's initial deposit is therefore not proportionally rewarded, and the surplus stays in the contract.

Tools Used: Foundry

Recommendations: Impose a maximum deposit: modify the startGame function to cap the amount of ether a player can deposit. This prevents excessive deposits and keeps the entry price and the payout consistent.

Example:

```solidity
require(msg.value <= maxDeposit, "Exceeds maximum deposit");
```

or adjust the reward mechanism: modify the endGame function so the reward is proportional to the player's contribution. Example:

```solidity
// endGame is not payable, so msg.value is not available there: record the bet in
// startGame (playerBet is an assumed storage mapping) and pay out from that amount.
uint256 reward = playerBet[msg.sender] * rewardMultiplier;
```
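To make the two recommendations concrete, the following is an added, hypothetical sketch written for this report. It is not the TwentyOne contract from the First Flight and not the submitter's code; the contract name, BET, REWARD_MULTIPLIER, playerBet, inGame and the event names are all assumed. It shows the exact-amount check in startGame next to a stored per-player bet that endGame pays out proportionally instead of as a fixed 2 ether.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal contract written for this report; not the First Flight's
// TwentyOne contract. It demonstrates the two mitigations side by side.
contract TwentyOneHardened {
    uint256 public constant BET = 1 ether;          // fixed entry price (assumed)
    uint256 public constant REWARD_MULTIPLIER = 2;  // a win pays 2x the stored bet

    mapping(address => uint256) public playerBet;   // bet recorded at startGame
    mapping(address => bool) public inGame;

    event GameStarted(address indexed player, uint256 bet);
    event GameEnded(address indexed player, bool won, uint256 payout);

    // Mitigation 1: bound the deposit. Strict equality rejects both under- and
    // over-payment, so no excess ether can ever get stranded in the contract.
    function startGame() external payable {
        require(!inGame[msg.sender], "Game already in progress");
        require(msg.value == BET, "Must send exactly 1 ether");
        inGame[msg.sender] = true;
        playerBet[msg.sender] = msg.value;
        emit GameStarted(msg.sender, msg.value);
    }

    // Mitigation 2: pay out relative to what the player actually put in.
    // msg.value is NOT available here (endGame is not payable), which is why the
    // bet must be stored at startGame time. The win/lose decision is passed in by
    // the game flow (hit/stand logic), which is omitted from this sketch.
    function endGame(address player, bool playerWon) internal {
        require(inGame[player], "No active game");
        uint256 bet = playerBet[player];

        // Effects before interaction: clear state before sending ether.
        inGame[player] = false;
        playerBet[player] = 0;

        uint256 payout = 0;
        if (playerWon) {
            payout = bet * REWARD_MULTIPLIER;
            require(address(this).balance >= payout, "Insufficient house balance");
            (bool ok, ) = payable(player).call{value: payout}("");
            require(ok, "Payout failed");
        }
        emit GameEnded(player, playerWon, payout);
    }

    // Lets the owner fund the house balance that pays winners.
    receive() external payable {}
}
```

With the strict equality check in place, the report's PoC no longer reaches the payout: `startGame{value: 10 ether}()` reverts with "Must send exactly 1 ether". Wrapping that call in `vm.expectRevert(bytes("Must send exactly 1 ether"))` in the Foundry test turns the PoC into a regression test for the fix.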
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[INVALID] User mistake, too much ETH sent

Appeal created

teoslaf Submitter 7 months ago

inallhonesty Lead Judge 7 months ago
