Eggstravaganza

First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Submission Details
Severity: medium
Invalid

Zero Egg Find Threshold Prevents Game Progression

Summary

If the owner sets setEggFindThreshold() to 0, no participant can find the egg, rendering the game non-functional.

Vulnerability Details

The EggHuntGame contract has a function to set the threshold of egg finds, which limits the upper bound but not the lower bound. If the owner accidentally sets the threshold to 0, the game fails to proceed since no participant can find an egg.

function searchForEgg() external {
require(gameActive, "Game not active");
require(block.timestamp >= startTime, "Game not started yet");
require(block.timestamp <= endTime, "Game ended");
// Pseudo-random number generation (for demonstration purposes only)
uint256 random =
uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))) % 100;
if (random < eggFindThreshold) { // if eggFindThreshold is 0, this condition will never success
eggCounter++;
eggsFound[msg.sender] += 1;
eggNFT.mintEgg(msg.sender, eggCounter);
emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
}
}

Impact

If the threshold is set to 0, the game becomes non-functional as no eggs can be found by participants, regardless of the random number generated. This effectively breaks the core gameplay mechanics.

Tools Used

Manual review

Recommendations

Implement a condition to prevent the threshold from being set to 0:

function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
+ require(newThreshold != 0, "Threshold can not be 0");
require(newThreshold <= 100, "Threshold must be <= 100");
eggFindThreshold = newThreshold;
}
Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.