Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Lack of proper endTime enforcement in EggHuntGame

mishoko

Summary

The endTime variable is defined and set during the game start, but its enforcement is inconsistent across the contract. While some functions (like searchForEgg) include a check for endTime, others (like depositEggToVault) do not. This inconsistency allows for scenarios where the game appears to have ended but players can still interact with certain functions, leading to:

  1. Inconsistent Game State: Some functions enforce endTime, while others rely solely on gameActive.

  2. Unfair Gameplay: Players can deposit eggs or perform other actions after the game has logically ended.

  3. Economic and Trust Issues: Rewards or incentives tied to the game's lifecycle may be exploited or misaligned.

Vulnerability Details

1/ searchForEgg Enforces endTime

The searchForEgg function includes a check for endTime:

function searchForEgg() external {
require(gameActive, "Game not active");
require(block.timestamp >= startTime, "Game not started yet");
require(block.timestamp <= endTime, "Game ended"); // Enforces endTime
// ...
}

This ensures that players cannot search for eggs after the game has ended.

2/ depositEggToVault Does NOT Enforce endTime

The depositEggToVault function does not check endTime:

function depositEggToVault(uint256 tokenId) external {
require(eggNFT.ownerOf(tokenId) == msg.sender, "Not owner of this egg");
eggNFT.transferFrom(msg.sender, address(eggVault), tokenId);
eggVault.depositEgg(tokenId, msg.sender);
}

This allows players to deposit eggs into the vault even after the game has ended, creating inconsistencies in the game's lifecycle.

3/ endGame Relies on Manual Intervention

The endGame function must be called manually by the owner to stop the game:

function endGame() external onlyOwner {
require(gameActive, "Game not active");
gameActive = false;
emit GameEnded(block.timestamp);
}

If the owner forgets or is unavailable to call this function, the game can continue indefinitely, even though endTime has passed.

4/ getGameStatus Reflects endTime but Does Not Enforce It. this is purely informational and does not enforce endTime in any way.

Impact

Inconsistent Enforcement:

Players can still deposit eggs after the game has ended, creating inconsistencies in the game's lifecycle.
Unfair Advantage:

Players who deposit eggs after the game has ended could gain an unfair advantage in tournaments or reward systems.
Economic Exploitation:

If rewards are tied to deposits or other actions, players could exploit the lack of endTime enforcement to claim rewards after the game has ended.
Centralization Risk:

The reliance on the owner to manually call endGame introduces a centralization risk. If the owner is unavailable, the game can continue indefinitely.

Tools Used

manual review

Recommendations

Option 1: Enforce endTime in all critical functions

Option 2: Automatically end the game when endTime is reached - could be done with oracle feeds and a keeper.

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

Incomplete end game handling

Incorrect values reported when a game is ended early

Appeal created

mishoko Submitter
4 months ago
m3dython Lead Judge
4 months ago
mishoko Submitter
4 months ago
m3dython Lead Judge
4 months ago
m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incomplete end game handling

Incorrect values reported when a game is ended early

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.