The EggHuntGame contract allows the owner to arbitrarily update the eggFindThreshold during the game via the setEggFindThreshold() function. This can be manipulated to guarantee egg discovery by temporarily increasing the threshold to 100%, effectively rigging the game.
The setEggFindThreshold(uint256 _newThreshold) function is restricted to the contract owner. There are no safeguards preventing the owner from calling this function at any point during the game.
This introduces a centralization risk and allows a malicious or opportunistic owner to:
Start the game with a low threshold.
Fail a few attempts intentionally.
Set the threshold to 100%.
Call searchForEgg() again and guarantee success.
Optionally reduce the threshold again to avoid detection.
Game Integrity Compromise: The fairness of the egg hunt is entirely compromised.
Centralized Exploitability: A malicious owner can mint as many eggs as desired.
Trust Erosion: If users are aware the game is modifiable on the fly, it undermines player trust.
Economic Risk: If NFTs have value, the owner can farm them unfairly, affecting scarcity and user rewards.
Manual Code Review
Foundry Unit Test Simulation
Restrict changes to eggFindThreshold after the game has started.
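As an added illustration of this recommendation (not the project's own code), a hardened version of the setter that reverts once the game is live; the startGame() function, the startTime/endTime variables and the event names are assumptions, since the original contract is not shown on this page:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of the recommended fix, not the audited EggHuntGame code.
// Assumed: the owner opens the game with startGame() (hypothetical name) and
// the contract records startTime; anything else about the real game is omitted.
contract EggHuntGameHardened {
    address public immutable owner;
    uint256 public eggFindThreshold; // success chance in percent, 0..100
    uint256 public startTime;        // 0 until the game has been started
    uint256 public endTime;

    // Emitted on every change so off-chain monitoring can flag tampering.
    event EggFindThresholdUpdated(uint256 oldThreshold, uint256 newThreshold);
    event GameStarted(uint256 startTime, uint256 endTime);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Mitigation: the threshold is frozen from the moment the game starts.
    modifier beforeGameStart() {
        require(startTime == 0, "threshold locked: game already started");
        _;
    }

    constructor(uint256 initialThreshold) {
        owner = msg.sender;
        _setThreshold(initialThreshold);
    }

    // Same signature as the audited setter, but now also gated on game state.
    function setEggFindThreshold(uint256 _newThreshold) external onlyOwner beforeGameStart {
        _setThreshold(_newThreshold);
    }

    function startGame(uint256 duration) external onlyOwner beforeGameStart {
        require(duration > 0, "zero duration");
        startTime = block.timestamp;
        endTime = block.timestamp + duration;
        emit GameStarted(startTime, endTime);
    }
    function _setThreshold(uint256 newThreshold) internal {
        require(newThreshold <= 100, "threshold above 100%");
        emit EggFindThresholdUpdated(eggFindThreshold, newThreshold);
        eggFindThreshold = newThreshold;
    }
}
```

A Foundry test for this guard would start the game, call setEggFindThreshold(100) as the owner and expect the revert reason above.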
Owner is trusted and is not expected to interact in ways that would compromise security