Eggstravaganza

First Flight #37

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

[L-2] `MIN_GAME_DURATION` too low

parkervzone

Summary

With a high load on the Ethereum network, some users of the protocol will call the searchForEgg() function during the game, but due to the hight load on the network, their transaction will be completed much later and they will not pass the time interval of the game because game ended. This is due to the MIN_GAME_DURATION value being too low, which is a value of 60 seconds.

Vulnerability Details

The contract owner can call the startGame() function with MIN_GAME_DURATION argument. This happens in the startGame() function:

function startGame(uint256 duration) external onlyOwner {

require(!gameActive, "Game already active");

require(duration >= MIN_GAME_DURATION, "Duration too short");

startTime = block.timestamp;

endTime = block.timestamp + duration;

gameActive = true;

emit GameStarted(startTime, endTime);

}

The user uses searchForEgg() the function during the game interval, but due to the high load on the Ethereum network, his transaction will take too long to process, thus not falling into the game interval and not passing require constructions related to the game time (startTime and endTime interval). searchForEgg() source code:

function searchForEgg() external {

require(gameActive, "Game not active");

require(block.timestamp >= startTime, "Game not started yet");

require(block.timestamp <= endTime, "Game ended");

...

}

Impact

Users with insufficiently high gas fees will not be able to use the searchForEgg() during a high load on the Ethereum network. Such situations will result in the loss of a certain number of users.

Tools Used

Manual code review

Recommendations

It is worth increasing the MIN_GAME_DURATION to at least 5 minutes. This solution will keep the players with a low gas fee. Of course, we won't save users with too low a gas fee, but we will save a certain number of users.

Changes to the code:

contract EggHuntGame is Ownable {

/// @notice Minimum game duration in seconds.

- uint256 public constant MIN_GAME_DURATION = 60;

+ uint256 public constant MIN_GAME_DURATION = 300;

...

}

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

Gas optimization

Strategy to save gas and minimize transaction costs

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!