Eggstravaganza

First Flight #37

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Unrestricted EggHuntGame::searchForEgg Rate Enables Game Economic Exploitation

0xluckyluke

Summary

The EggHuntGame::searchForEgg function lacks rate limiting mechanisms, allowing users to spam search attempts and gain an unfair advantage in egg collection. This, combined with the predictable randomness, creates a significant economic imbalance in the game's reward distribution system.

Vulnerability Details

https://github.com/CodeHawks-Contests/2025-04-eggstravaganza/blob/f83ed7dff700c4319bdfd0dff796f74db5be4538/src/EggHuntGame.sol#L65-L81

The current implementation of EggHuntGame::searchForEgg only checks if the game is active:

function searchForEgg() external {

require(gameActive, "Game not active");

require(block.timestamp >= startTime, "Game not started yet");

require(block.timestamp <= endTime, "Game ended");

// Pseudo-random number generation

uint256 random = uint256(

keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))

) % 100;

if (random < eggFindThreshold) {

eggCounter++;

eggsFound[msg.sender] += 1;

eggNFT.mintEgg(msg.sender, eggCounter);

emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);

}

Key issues:

No cooldown period between searches
No daily/hourly limit on search attempts
No cost associated with searching
No increasing difficulty based on user's success

This allows:

Transaction spamming within single blocks
Bot automation of search attempts
Unfair advantage for technically sophisticated users

Impact

Economic imbalance in egg distribution
Potential network congestion from search spam
Unfair advantage for automated players
Reduced game enjoyment for legitimate players
Devaluation of NFT eggs due to excessive minting

Tools Used

Recommendations

Implement a cooldown mechanism:

contract EggHuntGame is Ownable {

// Minimum time between searches per user

uint256 public constant SEARCH_COOLDOWN = 1 hours;

// Track last search time per user

mapping(address => uint256) public lastSearchTime;

function searchForEgg() external {

require(gameActive, "Game not active");

require(block.timestamp >= startTime, "Game not started yet");

require(block.timestamp <= endTime, "Game ended");

require(

block.timestamp >= lastSearchTime[msg.sender] + SEARCH_COOLDOWN,

"Search cooldown active"

);

// Update last search time before processing

lastSearchTime[msg.sender] = block.timestamp;

// Existing random number generation and egg minting logic

...

}

Additional recommendations:
- Add daily search limits per user
- Implement increasing difficulty based on user's success
- Consider adding a small cost per search attempt
- Add anti-bot measures like CAPTCHA or proof-of-humanity
- Implement progressive cooldown times that increase with frequent usage

Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago

Submission Judgement Published

Validated

Assigned finding tags:

No rate limiting

Contract lacks any cooldown mechanism, search limits, or costs in the searchForEgg() function

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.