TwentyOne

First Flight #29

Beginner FriendlyGameFiFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Risk of Losing Funds Due to Overpayment Acceptance

0xmushow

Summary

The current implementation of the startGame() function in the smart contract accepts any amount of ether greater than or equal to 1 ether (msg.value >= 1 ether). This can lead to a situation where players overpay, and the excess funds are neither properly refunded nor accounted for. In some scenarios, this overpayment could result in the loss of funds if the contract does not properly handle excess payments.

Vulnerability Details

The contract contains the following check for the ether sent by the player:

require(msg.value >= 1 ether, "not enough ether sent");

This check only ensures that the player sends at least 1 ether, but it does not limit the payment to the required amount. Therefore, players could send more than the required 1 ether, potentially up to 2 ether (the maximum payout). However, the contract currently does not handle the scenario where a player sends more than the required amount, and excess ether is not refunded or used properly. This results in the potential loss of funds.

For example, if a player sends 1.5 ether or 2 ether, the excess amount is effectively "locked" in the contract without being used for anything, as the contract only needs 1 ether for the game to start.

Impact

Potential Loss of Funds: The excess ether sent by the player could be effectively lost if not refunded or accounted for. This could result in players losing their funds, or the contract holding more ether than necessary, potentially leading to an imbalance or unintended behavior.

Financial Mismanagement: The contract could end up with extra ether that is not required for the game, which leads to financial loss and locked funds for the user.

Example:

In this system, the user deposits 3 ether to participate in the game. If the player wins, they receive a payout of 2 ether, resulting in a net loss of 1 ether. If the player loses, they forfeit the entire 3 ether deposit.

Tools Used

Manual Review

Recommendations

To prevent the potential loss of funds due to overpayments, the following solutions are recommended:

Exact Payment Requirement: Modify the payment condition to require the player to send exactly 1 ether, rather than allowing for any amount greater than or equal to 1 ether. This ensures that no excess funds are sent or accepted.

require(msg.value == 1 ether, "Incorrect amount of ether sent");

Refund Excess Payment: If flexibility is needed and players are allowed to send more than 1 ether (e.g., for covering transaction fees), ensure that any excess ether is refunded back to the player immediately upon receiving the payment.

if (msg.value > 1 ether) {

payable(msg.sender).transfer(msg.value - 1 ether); // Refund excess payment

}

Updates

Lead Judging Commences

inallhonesty Lead Judge

7 months ago

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

[INVALID] User mistake, too much ETH sent

Rewards breakdown

nSLOC

147

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.