Eggstravaganza

First Flight #37

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Unbounded Game Duration in EggHuntGame::startGame Enables Potential Game State Manipulation

0xluckyluke

Summary

The EggHuntGame::startGame function only implements a minimum duration check (MIN_GAME_DURATION) but lacks a maximum duration limit. This allows the game owner to set arbitrarily long game durations, potentially leading to unintended game states and timestamp overflow risks.

Vulnerability Details

https://github.com/CodeHawks-Contests/2025-04-eggstravaganza/blob/f83ed7dff700c4319bdfd0dff796f74db5be4538/src/EggHuntGame.sol#L41-L48

Current implementation in EggHuntGame::startGame:

function startGame(uint256 duration) external onlyOwner {

require(!gameActive, "Game already active");

require(duration >= MIN_GAME_DURATION, "Duration too short");

startTime = block.timestamp;

endTime = block.timestamp + duration; // No upper bound check

gameActive = true;

emit GameStarted(startTime, endTime);

}

The vulnerability allows:

Setting extremely long game durations (up to type(uint256).max)
Creating games that could run for years or decades
Potential timestamp overflow if block.timestamp + duration exceeds type(uint256).max

Example exploitation:

function testExcessiveDuration() public {

// Set maximum possible duration

game.startGame(type(uint256).max);

// Game will run for ~10^77 years

assertEq(game.endTime(), block.timestamp + type(uint256).max);

// Game remains active indefinitely

vm.warp(block.timestamp + 100 years);

assertEq(game.getGameStatus(), "Game is active");

}

Impact

Games could remain active indefinitely
Difficulty in managing game states
Potential timestamp overflow risks
Confusion for players about game duration
Possible interference with future game iterations

Tools Used

Recommendations

. Implement a maximum duration limit:

contract EggHuntGame is Ownable {

uint256 public constant MIN_GAME_DURATION = 60;

uint256 public constant MAX_GAME_DURATION = 30 days;

function startGame(uint256 duration) external onlyOwner {

require(!gameActive, "Game already active");

require(duration >= MIN_GAME_DURATION, "Duration too short");

require(duration <= MAX_GAME_DURATION, "Duration too long");

// Additional safety check for timestamp overflow

require(

block.timestamp + duration >= block.timestamp,

"Duration overflow"

);

startTime = block.timestamp;

endTime = block.timestamp + duration;

gameActive = true;

emit GameStarted(startTime, endTime);

}

Additional recommendations:
- Add ability to extend/reduce game duration within bounds
- Implement game phases for longer tournaments
- Add emergency game end functionality
- Consider using OpenZeppelin's SafeMath for timestamp calculations
- Add events for duration modifications

Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

Trusted Owner

Owner is trusted and is not expected to interact in ways that would compromise security

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.