Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
Submission Details
Severity: medium
Invalid

[M-2] Player is not playing with the chance he expected

Summary

While a player's transaction is being processed, the chance of winning may change, so the transaction executes with a chance the player did not expect.

Vulnerability Details

When a player calls the searchForEgg() function, he expects a particular chance of winning, for example 20%. The player's transaction may be waiting in the mempool when the contract owner calls setEggFindThreshold() and changes eggFindThreshold, for example to 5%, and the owner's transaction is executed first.

Impact

Thus, the player's call executes with a 5% chance, which will surprise him because he expected a 20% chance. Such situations can lead to a loss of users and damage to the protocol's reputation.

Tools Used

Manual code review

Recommendations

Make sure that the eggFindThreshold cannot be changed during the game. Change the setEggFindThreshold() function as follows:

function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
+ require(block.timestamp < startTime, "The chance cannot be changed during the game.");
+ require(block.timestamp > endTime, "The chance cannot be changed during the game.");
require(newThreshold <= 100, "Threshold must be <= 100");
eggFindThreshold = newThreshold;
}
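
Review bot: the two added require lines run one after the other, so both must pass: block.timestamp < startTime and block.timestamp > endTime. As long as startTime is not later than endTime, no timestamp satisfies both, and setEggFindThreshold() reverts on every call, including before the game starts and after it ends. To allow changes only outside the game window, combine them into one check, require(block.timestamp < startTime || block.timestamp > endTime, "The chance cannot be changed during the game."). The hunk also does not show where startTime and endTime are declared or set, so confirm what values they hold before a game has been started.
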
Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
