Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Game Can Run Indefinitely Without Manual Owner Intervention

Summary

The EggHuntGame contract's startGame function lacks automatic game state management. Even after endTime is reached, gameActive remains true until the owner manually calls endGame(). This creates a confusing state where the game appears active but egg finding is blocked.

Vulnerability Details

The game state management has a design flaw in the startGame function:

    function startGame(uint256 duration) external onlyOwner {
        require(!gameActive, "Game already active");
        require(duration >= MIN_GAME_DURATION, "Duration too short");
        startTime = block.timestamp;
        endTime = block.timestamp + duration;
        gameActive = true; // This remains true even after endTime
        emit GameStarted(startTime, endTime);
    }

This creates inconsistent behavior across different functions:

  1. searchForEgg() blocks egg finding after endTime

  2. getGameStatus() returns "Game time elapsed"

  3. But gameActive remains true

Impact

LOW severity, as it doesn't affect token security or game fairness.

Tools Used

Manual code review

Recommendations

Add automatic game state management
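
One way to implement this recommendation, as an added sketch that is not the contest contract or the submitter's code: every function reads a single derived view that combines the flag with the clock, so an elapsed game reports as inactive and no longer blocks a new start. The names `isGameLive`, `whenLive`, `GameEnded` and `eggSearches`, the owner handling, and the `MIN_GAME_DURATION` value are assumptions made for the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch: models only the game-state handling, not the egg or token logic.
contract EggHuntGameStateSketch {
    uint256 public constant MIN_GAME_DURATION = 60; // placeholder value (assumption)
    address public immutable owner;
    uint256 public startTime;
    uint256 public endTime;
    uint256 public eggSearches;  // hypothetical counter standing in for egg logic
    bool private gameActive;     // raw flag; external readers use isGameLive()

    event GameStarted(uint256 startTime, uint256 endTime);
    event GameEnded(uint256 endedAt); // hypothetical event

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    // Same gate for every gameplay function, so they cannot disagree.
    modifier whenLive() {
        require(isGameLive(), "Game not active");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Single source of truth: the flag and the clock must both agree.
    function isGameLive() public view returns (bool) {
        return gameActive && block.timestamp <= endTime;
    }

    function startGame(uint256 duration) external onlyOwner {
        // An elapsed game counts as inactive, so it does not block a restart.
        require(!isGameLive(), "Game already active");
        require(duration >= MIN_GAME_DURATION, "Duration too short");
        startTime = block.timestamp;
        endTime = block.timestamp + duration;
        gameActive = true;
        emit GameStarted(startTime, endTime);
    }

    // Kept for ending a game early and for clearing the flag after expiry.
    function endGame() external onlyOwner {
        require(gameActive, "Game not active");
        gameActive = false;
        emit GameEnded(block.timestamp);
    }

    // Stand-in for searchForEgg(): gated on the derived state only.
    function searchForEgg() external whenLive {
        eggSearches += 1;
    }
}
```

A contract cannot flip its own storage flag when `endTime` passes, so the derived view is what keeps `startGame`, the gameplay functions and any status getter consistent without an owner transaction.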

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incomplete end game handling

Incorrect values reported when a game is ended early
