Description: The function EggHuntGame::setEggFindThreshold can be called whenever the owner wants. This is a serious problem for the protocol: the owner can call the function even while the game is active, so he controls whether the chance of finding an egg is 100% or close to 0% during the game. This becomes a problem if the owner uses the protocol to his own advantage and mints egg NFTs with a higher chance.
Impact: The owner can find and mint egg NFTs by changing the chance to 100% and then, right after he finds an egg, changing it back to a much lower percentage, gaining a huge advantage over the other players.
Proof of Concept:
1. Owner starts the game
2. Bob tries to find an egg with a 10% chance
3. Owner sets the finding chance to 100%
4. Owner finds an egg and mints the NFT
5. Owner sets the threshold back to 10
6. Alice tries to find an egg with a 10% chance
7. Owner deposits the egg to the Vault
Put this in EggHuntGameTest.t.sol:
Recommended Mitigation: To mitigate this, it is recommended to add a require at the start of the function to check whether the game is active or not. If it is not active, revert the function call.
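A sketch of such a guard with a Foundry regression test, added here as an illustration and not taken from the project's code. The guard reverts while a game is running, which is the window the Description identifies as the problem; every name except setEggFindThreshold (ThresholdGame, gameActive, startGame, endGame, the 10% default) is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.23;

import {Test} from "forge-std/Test.sol";

// Minimal stand-in for the game contract. Every name except
// setEggFindThreshold is an assumption, not the project's code.
contract ThresholdGame {
    address public immutable owner = msg.sender;
    bool public gameActive;
    uint256 public eggFindThreshold = 10; // percent chance per search

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function startGame() external onlyOwner { gameActive = true; }
    function endGame() external onlyOwner { gameActive = false; }

    // Hardened setter: the odds are frozen for the duration of a game.
    function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
        require(!gameActive, "game active: threshold locked");
        require(newThreshold <= 100, "threshold > 100");
        eggFindThreshold = newThreshold;
    }
}

// The test contract deploys the game, so it plays the owner role.
contract ThresholdGameTest is Test {
    ThresholdGame game;

    function setUp() public { game = new ThresholdGame(); }

    function testThresholdLockedWhileGameActive() public {
        game.startGame();
        vm.expectRevert(bytes("game active: threshold locked"));
        game.setEggFindThreshold(100);
        assertEq(game.eggFindThreshold(), 10); // odds unchanged mid-game
    }

    function testThresholdAdjustableBetweenGames() public {
        game.startGame();
        game.endGame();
        game.setEggFindThreshold(25);
        assertEq(game.eggFindThreshold(), 25);
    }
}
```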
Owner is trusted and is not expected to interact in ways that would compromise security