Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Invalid

Unclaimable Eggs After Game Ends

Summary

The original concern was that eggs might become inaccessible after the game ends. However, the protocol's design lets users withdraw eggs via EggVault.withdrawEgg() independently of the game state, so the core issue is user awareness and frontend integration, not permanent asset loss.

Vulnerability Details

The EggHuntGame contract's endGame function only affects game activity (e.g., searchForEgg), while the EggVault contract's withdrawal mechanism remains operational post-game. Users retain the ability to call withdrawEgg() directly on the vault contract even after game termination, as there are no game-state checks in the vault.

Key Correction:
There is no claimEgg function in the system; the correct recovery mechanism, withdrawEgg, exists and remains functional. The original report conflated game-state controls with vault operations.

Impact

Severity: Low
Likelihood: Low
Impact: Low

While eggs are technically recoverable through direct contract interaction, the risk lies in poor UX design if the frontend hides this capability. However, this does not constitute a protocol-level vulnerability.

Updated PoC

  1. Alice deposits an egg using depositEggToVault.

  2. The egg is transferred to EggVault and recorded in eggDepositors.

  3. Owner calls endGame, disabling game functions.

  4. Alice successfully calls EggVault.withdrawEgg(tokenId) to retrieve her NFT.
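The four steps above, written as a Foundry test. This is an added example and not code from the original submission or from the Eggstravaganza repository; it assumes contract names, import paths, constructor arguments, the owner-only wiring calls (setGameContract, setEggNFT), startGame(duration), a game-only mintEgg(to, tokenId) on the NFT, a public eggDepositors getter on the vault, and that withdrawEgg reverts for anyone but the recorded depositor. Adjust those to the actual code base before running.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example reproducing the PoC steps; not part of the original
// submission or the project. Contract names, import paths, constructor
// arguments, the wiring calls, startGame(), mintEgg() and the public
// eggDepositors getter are assumptions about the code base.
import {Test} from "forge-std/Test.sol";
import {EggstravaganzaNFT} from "../src/EggstravaganzaNFT.sol";
import {EggVault} from "../src/EggVault.sol";
import {EggHuntGame} from "../src/EggHuntGame.sol";

contract WithdrawAfterEndGameTest is Test {
    EggstravaganzaNFT nft;
    EggVault vault;
    EggHuntGame game;

    address owner = makeAddr("owner");
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");
    uint256 constant TOKEN_ID = 1; // constructed sample token id

    function setUp() public {
        vm.startPrank(owner);
        nft = new EggstravaganzaNFT("Eggstravaganza", "EGG"); // assumed ctor
        vault = new EggVault();                               // assumed ctor
        game = new EggHuntGame(address(nft), address(vault)); // assumed ctor
        nft.setGameContract(address(game)); // assumed wiring call
        vault.setEggNFT(address(nft));      // assumed wiring call
        game.startGame(1 hours);            // assumed signature
        vm.stopPrank();

        // Give Alice an egg without depending on searchForEgg's randomness:
        // mint as the game contract (assumed game-only mint function).
        vm.prank(address(game));
        nft.mintEgg(alice, TOKEN_ID);
    }

    function test_withdrawEggStillWorksAfterEndGame() public {
        // Steps 1-2: Alice deposits through the game; the vault records her
        // as the depositor and now holds the NFT.
        vm.startPrank(alice);
        nft.approve(address(game), TOKEN_ID); // assumed: game pulls via transferFrom
        game.depositEggToVault(TOKEN_ID);
        vm.stopPrank();
        assertEq(nft.ownerOf(TOKEN_ID), address(vault));
        assertEq(vault.eggDepositors(TOKEN_ID), alice);

        // Step 3: owner ends the game; game-side functions are disabled.
        vm.prank(owner);
        game.endGame();
        vm.prank(alice);
        vm.expectRevert();
        game.searchForEgg();

        // Step 4: the vault has no game-state check, so Alice can still
        // withdraw her NFT directly from the vault.
        vm.prank(alice);
        vault.withdrawEgg(TOKEN_ID);
        assertEq(nft.ownerOf(TOKEN_ID), alice);
    }

    function test_nonDepositorCannotWithdraw() public {
        // The depositor record is what gates withdrawal (assumed check in
        // the vault); a third party must not be able to drain the egg.
        vm.startPrank(alice);
        nft.approve(address(game), TOKEN_ID);
        game.depositEggToVault(TOKEN_ID);
        vm.stopPrank();

        vm.prank(owner);
        game.endGame();

        vm.prank(bob);
        vm.expectRevert();
        vault.withdrawEgg(TOKEN_ID);
        assertEq(nft.ownerOf(TOKEN_ID), address(vault));
    }
}
```

Run with `forge test --match-contract WithdrawAfterEndGameTest -vvv`. The first test is the PoC itself; the second documents why the finding is a UX concern rather than an asset-safety one: the vault's own depositor check, not the game state, is what protects the egg.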

Recommendations

  1. Improve Documentation: Explicitly document the withdrawEgg functionality in both smart contracts and UI copy.

  2. Frontend Integration: Ensure the game interface keeps exposing the vault withdrawal flow after the game has ended.

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
