Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Lack of a Cooldown Mechanism Allows a User to Call searchForEgg Repeatedly Until They Eventually Win

Summary

The EggHuntGame contract has no per-user cooldown, attempt cap, or fee on searchForEgg, so a player can take as many pseudo-random draws as they are willing to pay gas for. Each call is an independent check against eggFindThreshold, so a player who simply keeps calling (one transaction per block, or from many addresses) turns a probabilistic find into a near-certain one. This undermines the fairness and integrity of the game, especially in a competitive or reward-based setting.

Vulnerability Details

The core logic responsible for determining whether a player "finds" an egg in the searchForEgg function is as follows:

uint256 random = uint256(
    keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
) % 100;
if (random < eggFindThreshold) {
    eggCounter++;
    eggsFound[msg.sender] += 1;
    eggNFT.mintEgg(msg.sender, eggCounter);
    emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
}

Nothing in this function limits how often a given address may call it: there is no cooldown, no per-player attempt cap, and no cost beyond gas. Note that for a fixed msg.sender the hash inputs do not change within a block (block.timestamp and block.prevrandao are constant for the block, and eggCounter only moves when someone finds an egg), so repeating the call in the same block does not give a fresh draw. An attacker does not need one: they can send one call per block, or call from many addresses in the same block, and each of those is an independent draw against eggFindThreshold. Given enough draws a player is all but guaranteed to find eggs, whatever eggFindThreshold is set to.

Concretely, a player can:

  • take a new pseudo-random draw every block (or per address) for the price of gas alone

  • keep drawing until random < eggFindThreshold

This works because:

  • block.timestamp and block.prevrandao change every block, so each block yields a new hash for the same caller

  • eggCounter changes only on a successful find, so draws are deterministic per (block, address), but many such draws are cheap

  • no gas penalty, fee, or restriction stops the caller from repeating the attempt

Players are therefore incentivized to run scripts that hammer searchForEgg, which replaces the intended "chance" mechanic with a grind.

Impact

  • Fairness Violation: Users who script or bot their calls gain an unfair advantage over honest players who interact at a normal pace.

  • Brute-force Exploitability: Attackers can take draw after draw (one per block, or from many addresses) until a value falls below eggFindThreshold, with no cost other than gas.

  • Denial of Service Risk: If the supply of eggs is limited, a spammer can deplete the pool before other players get a chance.

  • Gas Inefficiency and Network Strain: Unrestricted repeated calls generate a large volume of mostly failed transactions and wasted gas.

Tools Used

  • Manual Review

Recommendations

  • Implement a Per-User Cooldown Mechanism: add a lastEggAttempt mapping that records the timestamp of each player's last call, revert if the cooldown has not elapsed, and let the owner tune cooldownTime to adapt game dynamics if needed. Record the attempt before the draw so that a failed draw also starts the cooldown.
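The following is an added example of the recommended fix, written for this report; it is not the First Flight's EggHuntGame code. The IEggNFT interface, the owner/onlyOwner logic, the constructor arguments, and the names cooldownTime, lastEggAttempt, setCooldownTime, and the custom errors are assumptions for illustration, since the original page only shows the draw logic. The draw itself is left as on the page so the example isolates the cooldown change.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Assumed minimal interface for the egg NFT contract (the page does not show it);
/// only the call used by searchForEgg is modelled.
interface IEggNFT {
    function mintEgg(address to, uint256 tokenId) external returns (bool);
}

/// Example rewrite of the egg-search path with a per-user cooldown.
/// Illustrative contract, not the project's own code.
contract EggHuntGameWithCooldown {
    error NotOwner();
    error CooldownActive(uint256 secondsRemaining);

    address public owner;
    IEggNFT public eggNFT;

    uint256 public eggCounter;
    uint256 public eggFindThreshold; // chance of a find, in percent (0..100)
    uint256 public cooldownTime;     // seconds a player must wait between searches

    mapping(address => uint256) public eggsFound;
    mapping(address => uint256) public lastEggAttempt; // timestamp of each player's last call

    event EggFound(address indexed player, uint256 indexed eggId, uint256 totalEggsFound);
    event CooldownTimeUpdated(uint256 oldCooldown, uint256 newCooldown);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address nft, uint256 threshold, uint256 initialCooldown) {
        owner = msg.sender;
        eggNFT = IEggNFT(nft);
        eggFindThreshold = threshold;
        cooldownTime = initialCooldown;
    }

    /// Owner can retune the cooldown to adjust the game's pace.
    function setCooldownTime(uint256 newCooldown) external onlyOwner {
        emit CooldownTimeUpdated(cooldownTime, newCooldown);
        cooldownTime = newCooldown;
    }

    function searchForEgg() external {
        // --- added: per-user cooldown ---
        uint256 last = lastEggAttempt[msg.sender];
        if (last != 0 && block.timestamp < last + cooldownTime) {
            revert CooldownActive(last + cooldownTime - block.timestamp);
        }
        // Record the attempt BEFORE the draw so a failed draw also starts the cooldown.
        // Recording only on success would leave the retry-every-block loop intact.
        lastEggAttempt[msg.sender] = block.timestamp;
        // --------------------------------

        // Draw logic unchanged from the original (still not a secure randomness source).
        uint256 random = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
        ) % 100;

        if (random < eggFindThreshold) {
            eggCounter++;
            eggsFound[msg.sender] += 1;
            eggNFT.mintEgg(msg.sender, eggCounter);
            emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
        }
    }
}
```

Two caveats for whoever applies this. First, the cooldown is keyed on msg.sender, so it limits draws per address, not per person; a player with many funded addresses can still take many draws per block. Pairing the cooldown with a per-search fee or a per-game attempt cap closes that gap. Second, the cooldown does nothing about the weakness of the randomness itself; it only bounds how many times a player may sample it.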

Updates

Lead Judging Commences

m3dython Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

No rate limiting

Contract lacks any cooldown mechanism, search limits, or costs in the searchForEgg() function
