Eggstravaganza

First Flight #37
Beginner Friendly
Solidity
100 EXP
Submission Details
Severity: low
Invalid

Missing Zero Value Check in setEggFindThreshold Function

Summary

The setEggFindThreshold function in the EggHuntGame contract lacks validation against zero values, which could accidentally disable the egg-finding mechanism entirely.

Vulnerability Details

The current implementation of the setEggFindThreshold function only validates that the new threshold doesn't exceed 100:

function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
    require(newThreshold <= 100, "Threshold must be <= 100");
    eggFindThreshold = newThreshold;
}

If the owner sets the threshold to 0, it would make it impossible for any player to find eggs. This is because in the searchForEgg function, the random number generation produces values from 0 to 99, and an egg is only found when the random number is less than the threshold. With a threshold of 0, this condition can never be met, effectively breaking the core gameplay mechanism.

Impact

LOW severity as it can only be triggered by the contract owner. However, if triggered, it would completely halt egg discovery for all players and waste players' gas fees on impossible egg searches.

Tools Used

Manual code review

Recommendations

Implement a minimum threshold check to ensure the game remains playable. Example:

require(newThreshold > 0, "Threshold must be greater than 0");
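
An added example, not part of the submission or the EggHuntGame source: a minimal Solidity model of the threshold comparison described above, with both bounds enforced in the setter. The contract name, ROLL_RANGE, MIN_THRESHOLD, the event, isFound, winningRolls and the starting value of 20 are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not the EggHuntGame source: a minimal model of the
/// threshold logic described in this finding. Names other than
/// setEggFindThreshold and eggFindThreshold are hypothetical.
contract ThresholdModel {
    uint256 public constant ROLL_RANGE = 100; // rolls are 0..99 per the finding
    uint256 public constant MIN_THRESHOLD = 1; // assumed floor: at least one winning roll

    address public immutable owner;
    uint256 public eggFindThreshold = 20; // constructed starting value

    event EggFindThresholdChanged(uint256 oldThreshold, uint256 newThreshold);

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Setter with both bounds: the existing upper check plus the
    /// recommended lower check, so 0 is rejected instead of stored.
    function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
        require(newThreshold >= MIN_THRESHOLD, "Threshold must be greater than 0");
        require(newThreshold <= ROLL_RANGE, "Threshold must be <= 100");
        emit EggFindThresholdChanged(eggFindThreshold, newThreshold);
        eggFindThreshold = newThreshold;
    }

    /// The comparison the finding describes: an egg is found only when
    /// the roll is strictly below the threshold.
    function isFound(uint256 roll) public view returns (bool) {
        require(roll < ROLL_RANGE, "Roll out of range");
        return roll < eggFindThreshold;
    }

    /// Counts winning rolls over 0..99; with a stored threshold of 0 this would be 0.
    function winningRolls() external view returns (uint256 count) {
        for (uint256 roll = 0; roll < ROLL_RANGE; roll++) {
            if (isFound(roll)) count++;
        }
    }
}
```

Emitting an event on every change also gives players and monitoring tools an on-chain record of when the owner alters the find rate.
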

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Trusted Owner

Owner is trusted and is not expected to interact in ways that would compromise security
