Submission Details
Severity:
TwentyOne::startGame() doesn't have any mechanism to return extra ETH being sent
Summary
It was observed that in the startGame()function there is no mechanism to refund the amount if a user gives extra ether to the TwentyOne contract. Hence it will lock up the extra fund.
Vulnerability Code
function startGame() public payable returns (uint256) {
address player = msg.sender;
require(msg.value >= 1 ether, "not enough ether sent");
initializeDeck(player);
uint256 card1 = drawCard(player);
uint256 card2 = drawCard(player);
addCardForPlayer(player, card1);
addCardForPlayer(player, card2);
return playersHand(player);
}
Impact
Unfair locking of funds
Tools Used
Manual Review
Recommendations
Replace the line as shown in the below code snippet
function startGame() public payable returns (uint256) {
address player = msg.sender;
- require(msg.value >= 1 ether, "not enough ether sent");
+ require(msg.value == 1 ether, "not enough ether sent");
initializeDeck(player);
uint256 card1 = drawCard(player);
uint256 card2 = drawCard(player);
addCardForPlayer(player, card1);
addCardForPlayer(player, card2);
return playersHand(player);
}
Updates
Lead Judging Commences
inallhonesty 10 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
[INVALID] User mistake, too much ETH sent
Rewards breakdown
nSLOC
147This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.