Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Game state lock prevents future games if owner fails to call `endGame`

0xnbvc

Vulnerability Details

The gameActive state variable is only set to false within the endGame function, which requires owner intervention. The startGame function requires gameActive to be false before initiating a new game. If the owner loses their keys or neglects to call endGame after endTime has passed, gameActive will remain true indefinitely.

// In startGame:
require(!gameActive, "Game already active");
// ...
gameActive = true;
// Only way gameActive becomes false:
function endGame() external onlyOwner {
require(gameActive, "Game not active");
gameActive = false; // Requires owner call
emit GameEnded(block.timestamp);
}

Impact

The contract becomes permanently locked out of starting new games if the owner cannot or does not call the endGame function after the intended game duration (endTime) has elapsed.

Recommendation

Remove the explicit gameActive state variable and rely directly on comparing block.timestamp with startTime and endTime to determine the game's active status within functions.

Updates

Lead Judging Commences

m3dython Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incomplete end game handling

Incorrect values reported when a game is ended early

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.