Eggstravaganza

Summary

The owner can instantly terminate the game via endGame(), bypassing the set duration. This enables arbitrary game termination, undermining fair play.

Vulnerability Details

Unrestricted Game Termination:

• The provided test case testAdminStartAndStopGame() shows that the owner can start the game with a specified duration (e.g., 100 seconds) and then immediately end it using the endGame() function.

• Relevant code snippets:

  • game.startGame(100);

  • game.endGame();

• This functionality allows the owner to bypass the intended game duration, potentially disrupting gameplay and creating an unfair environment for participants.

Impact

• The contract owner has complete control over the game's active state, enabling them to arbitrarily terminate the game at any moment.

• This could lead to player dissatisfaction and a loss of trust if the game is ended prematurely or unexpectedly.

Tools Used

• Manual code review of the provided test case and the relevant EggHuntGame contract functions.

Recommendations

• 1. Evaluate Game Termination Logic:

  • Carefully consider whether the ability to immediately terminate the game is intended behavior.

  • If premature termination should be restricted, implement checks within the endGame() function to enforce a minimum game duration or prevent termination before the intended endTime.

• 2. Add a separate function for emergency shutdown:

  • If the ability to end the game prematurely is required for edge cases, or emergency situations, create a separate function called forceEndGame, or emergencyShutdown, that is clearly labeled, so that the endGame function can be used for normal game flow.