Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Invalid

Missing return value on function `searchForEgg`

Summary

The function `searchForEgg` has no return value, so other contracts calling it cannot tell whether an egg was minted or not.

Vulnerability Details

Assuming the game is active and within its time window, a user who calls this function has no direct way of knowing whether they found an egg, because the function returns nothing in either case. Returning true when an egg was found and false otherwise would greatly help other contracts interacting with it.

https://github.com/CodeHawks-Contests/2025-04-eggstravaganza/blob/main/src/EggHuntGame.sol#L63-L81

/// @notice Participants call this function to search for an egg.
/// A pseudo-random number is generated and, if below the threshold, an egg is found.
function searchForEgg() external {
    require(gameActive, "Game not active");
    require(block.timestamp >= startTime, "Game not started yet");
    require(block.timestamp <= endTime, "Game ended");
    // Pseudo-random number generation (for demonstration purposes only)
    uint256 random = uint256(
        keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
    ) % 100;
    if (random < eggFindThreshold) {
        eggCounter++;
        eggsFound[msg.sender] += 1;
        eggNFT.mintEgg(msg.sender, eggCounter);
        emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
    }
}

Impact

Not returning true or false can lead to confusion about whether an egg was minted when other contracts interact with this function.

Tools Used

Manual review

Recommendations

Return true if an egg was minted and false if not.
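As an added example (not code from the contest repository or from the submitter), the following shows the recommended change applied to the function body reproduced above, together with a hypothetical integrating contract that relies on the returned flag. The contract names `EggHuntGameWithReturn`, `EggHunter` and the `IEggstravaganzaNFT` interface are assumptions; only `eggNFT.mintEgg`, the state variables and the `EggFound` event come from the page's snippet. The pseudo-random derivation is kept exactly as the page shows it; note that the lead judge tagged this submission under Insecure Randomness, so that part is the page's demonstration logic, not a recommended source of randomness.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Assumed minimal interface for the egg NFT; the page only shows the mintEgg call.
interface IEggstravaganzaNFT {
    function mintEgg(address to, uint256 tokenId) external;
}

/// Hypothetical variant of the game contract with the recommended bool return.
contract EggHuntGameWithReturn {
    bool public gameActive;
    uint256 public startTime;
    uint256 public endTime;
    uint256 public eggCounter;
    uint256 public eggFindThreshold;
    IEggstravaganzaNFT public eggNFT;
    mapping(address => uint256) public eggsFound;

    event EggFound(address indexed player, uint256 indexed eggId, uint256 totalEggsFound);

    constructor(address nft, uint256 threshold, uint256 start, uint256 end) {
        eggNFT = IEggstravaganzaNFT(nft);
        eggFindThreshold = threshold;
        startTime = start;
        endTime = end;
        gameActive = true;
    }

    /// @notice Same checks and effects as the page's searchForEgg, but the
    /// outcome is reported to the caller: true when an egg was minted, false otherwise.
    function searchForEgg() external returns (bool found) {
        require(gameActive, "Game not active");
        require(block.timestamp >= startTime, "Game not started yet");
        require(block.timestamp <= endTime, "Game ended");

        // Pseudo-random derivation reproduced from the page unchanged (judge-tagged
        // as insecure randomness; kept only so the example matches the original flow).
        uint256 random = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
        ) % 100;

        if (random < eggFindThreshold) {
            eggCounter++;
            eggsFound[msg.sender] += 1;
            eggNFT.mintEgg(msg.sender, eggCounter);
            emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
            return true; // explicit success signal for integrating contracts
        }
        return false; // no egg this call; no state was changed
    }
}

/// Hypothetical integrating contract: without the bool it would have to
/// compare eggsFound before and after the call to learn the outcome.
contract EggHunter {
    EggHuntGameWithReturn public immutable game;
    uint256 public hits;
    uint256 public misses;

    constructor(EggHuntGameWithReturn g) {
        game = g;
    }

    /// Calls the game and branches on the returned flag instead of re-reading state.
    function hunt() external returns (bool found) {
        found = game.searchForEgg();
        if (found) {
            hits++;
        } else {
            misses++;
        }
    }
}
```

Because `searchForEgg` only mutates state on the success path, an integrator could also detect the outcome by reading `eggsFound(msg.sender)` before and after the call or by listening for `EggFound`; the returned bool simply makes that intent explicit in a single call.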

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
