TwentyOne

First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Submission Details
Severity: low
Invalid

Risk of Losing Funds Due to Overpayment Acceptance

Summary

The current implementation of the startGame() function in the smart contract accepts any amount of ether greater than or equal to 1 ether (msg.value >= 1 ether). This can lead to a situation where players overpay, and the excess funds are neither properly refunded nor accounted for. In some scenarios, this overpayment could result in the loss of funds if the contract does not properly handle excess payments.

Vulnerability Details

The contract contains the following check for the ether sent by the player:

require(msg.value >= 1 ether, "not enough ether sent");

This check only ensures that the player sends at least 1 ether, but it does not limit the payment to the required amount. Therefore, players could send more than the required 1 ether, potentially up to 2 ether (the maximum payout). However, the contract currently does not handle the scenario where a player sends more than the required amount, and excess ether is not refunded or used properly. This results in the potential loss of funds.

For example, if a player sends 1.5 ether or 2 ether, the excess amount is effectively "locked" in the contract without being used for anything, as the contract only needs 1 ether for the game to start.

Impact

Potential Loss of Funds: The excess ether sent by the player could be effectively lost if not refunded or accounted for. This could result in players losing their funds, or the contract holding more ether than necessary, potentially leading to an imbalance or unintended behavior.

  • Financial Mismanagement: The contract could end up with extra ether that is not required for the game, which leads to financial loss and locked funds for the user.

Example:

In this system, the user deposits 3 ether to participate in the game. If the player wins, they receive a payout of 2 ether, resulting in a net loss of 1 ether. If the player loses, they forfeit the entire 3 ether deposit.

Tools Used

Manual Review

Recommendations

To prevent the potential loss of funds due to overpayments, the following solutions are recommended:

Exact Payment Requirement: Modify the payment condition to require the player to send exactly 1 ether, rather than allowing for any amount greater than or equal to 1 ether. This ensures that no excess funds are sent or accepted.

require(msg.value == 1 ether, "Incorrect amount of ether sent");

Refund Excess Payment: If flexibility is needed and players are allowed to send more than 1 ether (e.g., for covering transaction fees), ensure that any excess ether is refunded back to the player immediately upon receiving the payment.

if (msg.value > 1 ether) {
payable(msg.sender).transfer(msg.value - 1 ether); // Refund excess payment
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
7 months ago
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[INVALID] User mistake, too much ETH sent

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.