Eggstravaganza

First Flight #37
Beginner Friendly · Solidity
100 EXP

Submission Details
Severity: Low
Status: Invalid

Owner can set 100% egg finding chance

Description:
The setEggFindThreshold() function allows the owner to set any threshold up to 100%:

```solidity
function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
    // @audit-info the owner can choose to give 100% chance to find an egg
    require(newThreshold <= 100, "Threshold must be <= 100");
    eggFindThreshold = newThreshold;
}
```

Impact:
While this is an owner-only function, the ability to set a 100% success rate could be abused if the owner's keys are compromised. It also reduces trust in the game's fairness, since players must trust that the owner won't abuse this power.

Proof of Concept:

  1. The owner account is compromised.
  2. The attacker sets the threshold to 100%.
  3. The attacker's address finds an egg on every search.
  4. All NFTs are minted to the attacker immediately.

Recommended Mitigation:
Consider adding an upper limit below 100% (e.g. 50%) to maintain some game balance even if the owner account is compromised.
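The following is an added illustration of that recommendation, not code from the Eggstravaganza contest repository: a minimal owner-gated setter with a hard ceiling below 100%, plus a Foundry test showing that even the owner cannot raise the threshold past the cap. The `Ownable` base is assumed to be OpenZeppelin v5 (constructor takes the initial owner), `forge-std` is assumed to be available via the usual remapping, and the 50% ceiling is the example value quoted in the recommendation. The custom error and event are additions so that a rejected change reverts with clear data and every accepted change is observable on-chain by monitoring.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the contest's own code). Assumes OpenZeppelin v5 Ownable
// and forge-std; names below are illustrative.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Test} from "forge-std/Test.sol";

contract EggThresholdHardened is Ownable {
    /// @notice Hard ceiling on the per-search find chance, in percent.
    /// 50 is the example cap from the recommendation; tune for game balance.
    uint256 public constant MAX_EGG_FIND_THRESHOLD = 50;

    /// @notice Current per-search find chance, in percent.
    uint256 public eggFindThreshold;

    /// @notice Emitted on every accepted change so off-chain monitoring can
    /// alert on unexpected adjustments (e.g. after a key compromise).
    event EggFindThresholdUpdated(uint256 oldThreshold, uint256 newThreshold);

    error ThresholdTooHigh(uint256 requested, uint256 max);

    constructor(uint256 initialThreshold) Ownable(msg.sender) {
        _setEggFindThreshold(initialThreshold);
    }

    /// @notice Owner-only, but bounded: a compromised owner key can raise the
    /// chance only as far as MAX_EGG_FIND_THRESHOLD, never to 100%.
    function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
        _setEggFindThreshold(newThreshold);
    }

    function _setEggFindThreshold(uint256 newThreshold) internal {
        if (newThreshold > MAX_EGG_FIND_THRESHOLD) {
            revert ThresholdTooHigh(newThreshold, MAX_EGG_FIND_THRESHOLD);
        }
        emit EggFindThresholdUpdated(eggFindThreshold, newThreshold);
        eggFindThreshold = newThreshold;
    }
}

// Foundry test: the cap holds even for the owner (the deployer here).
contract EggThresholdHardenedTest is Test {
    EggThresholdHardened internal game;

    function setUp() public {
        game = new EggThresholdHardened(20);
    }

    function test_ownerCannotExceedCap() public {
        vm.expectRevert(
            abi.encodeWithSelector(
                EggThresholdHardened.ThresholdTooHigh.selector, 100, 50
            )
        );
        game.setEggFindThreshold(100);
        // State is unchanged after the rejected call.
        assertEq(game.eggFindThreshold(), 20);
    }

    function test_ownerCanSetWithinCap() public {
        game.setEggFindThreshold(50);
        assertEq(game.eggFindThreshold(), 50);
    }

    function test_constructorRespectsCap() public {
        vm.expectRevert(
            abi.encodeWithSelector(
                EggThresholdHardened.ThresholdTooHigh.selector, 75, 50
            )
        );
        new EggThresholdHardened(75);
    }
}
```

Run with `forge test` in a Foundry project that has the two dependencies installed. The constant is enforced in the shared internal setter so the deploy-time value and later owner updates go through the same check, and the emitted event gives a defender a concrete signal to watch if the threshold ever moves without an announced change.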

Likelihood and Impact

  • Impact: Low
  • Likelihood: Medium
  • Severity: Low

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Trusted Owner

Owner is trusted and is not expected to interact in ways that would compromise security
