Allows early game termination without checking endTime
Summary
-
Contract:
EggHuntGame -
Function Audited:
endGame() -
Issue Identified: Lack of
endTimecheck in theendGame()function. -
Impact: Game can be ended earlier than the duration agreed upon, affecting fairness.
-
Status: Unresolved (fix recommended)
Vulnerability Details
The endGame() function allows the game owner to manually terminate the game at any time after it starts, without verifying whether the game's predefined duration (endTime) has passed.
This means the owner could end the game prematurely, violating the expected behavior established in the startGame() function, which sets a minimum duration (MIN_GAME_DURATION) and calculates endTime.
Impact
Loss of Fairness: Players expect the game to last for the entire duration set during
startGame(). Premature termination breaks this trust.Reputation Risk: If players observe games ending unexpectedly early, it could damage the credibility of the platform or dApp.
Potential Exploitation: Malicious or impatient owners could stop the game early to prevent others from earning rewards or participating equally.
Tools Used
Manual review of the smart contract code.
Recommendations
Modify the endGame() function to enforce that the game can only be ended once the endTime has passed.
✅ Suggested Fix:
Lead Judging Commences
Trusted Owner
Owner is trusted and is not expected to interact in ways that would compromise security
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.