Eggstravaganza

First Flight #37

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Manual Game Termination Can Lead to Extended Gameplay

thecarrot

[M-01] Manual Game Termination Can Lead to Extended Gameplay

Summary

The EggHuntGame contract relies on the contract owner to manually call the endGame() function to deactivate the game, even after the specified endTime has passed. This introduces a discrepancy between the intended end time of the game and its actual deactivation, potentially leading to unintended gameplay behavior.

Vulnerability Details

The startGame() function sets both startTime and endTime, and activates the game via the gameActive boolean flag:

function startGame(uint256 duration) external onlyOwner {

require(!gameActive, "Game already active");

require(duration >= MIN_GAME_DURATION, "Duration too short");

startTime = block.timestamp;

endTime = block.timestamp + duration;

gameActive = true;

emit GameStarted(startTime, endTime);

}

However, once endTime has passed, the game remains active unless the owner explicitly calls:

function endGame() external onlyOwner {

require(gameActive, "Game not active");

gameActive = false;

emit GameEnded(block.timestamp);

}

Because the searchForEgg() function permits egg hunting as long as block.timestamp <= endTime and gameActive == true, the game can continue beyond its expected time window if endGame() is not called promptly.

Impact

Extended gameplay beyond the intended time if the owner forgets or delays calling endGame().
Potential for abuse if the owner maliciously allows extended access to egg minting beyond the advertised end time

Tools Used

Manual code review

Recommendations

Automatically disable the game when endTime is reached within searchForEgg()
Alternatively, use a modifier like onlyWhileGameActive() that checks both gameActive and the block.timestamp.

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.