Eggstravaganza

First Flight #37
Submission Details
Severity: medium
Invalid

Zero threshold DoS vulnerability in EggHuntGame contract

Summary

The setEggFindThreshold function in the EggHuntGame contract allows the owner to set the egg-finding threshold to zero, which would make it impossible for any player to find eggs during the game. This effectively creates a Denial of Service (DoS) condition for the core functionality of the game.

Vulnerability Details

In the EggHuntGame contract, the setEggFindThreshold function allows the owner to adjust the probability of finding eggs:

function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
    require(newThreshold <= 100, "Threshold must be <= 100");
    eggFindThreshold = newThreshold;
}

The function only checks that the threshold is less than or equal to 100, but does not prevent it from being set to zero. If eggFindThreshold is set to zero, it would likely be used in a comparison with a random number to determine if a player finds an egg. With a threshold of zero, this comparison would always fail, making it impossible for any player to find eggs.

Impact

Players would be unable to find any eggs, and resources (gas) would be wasted.

Tools Used

Manual review

Recommendations

Implement a lower bound check in the setEggFindThreshold function to ensure the threshold is always greater than zero:

function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
    require(newThreshold > 0 && newThreshold <= 100, "Threshold must be between 1 and 100");
    eggFindThreshold = newThreshold;
}

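
A minimal model of the behaviour described in this report, added here as an illustration and not taken from the EggHuntGame source. The contract name ThresholdModel, the functions wouldFind, winningRolls and setEggFindThresholdBounded, the starting value 20, and the "roll modulo 100 below the threshold" success rule are all assumptions; the report itself only says the threshold is likely compared with a random number.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not the EggHuntGame source. The comparison in
/// `wouldFind` is an assumption made for this model.
contract ThresholdModel {
    address public immutable owner;
    uint256 public eggFindThreshold = 20; // constructed starting value

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    // Setter as quoted in the report: zero passes the only check.
    function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
        require(newThreshold <= 100, "Threshold must be <= 100");
        eggFindThreshold = newThreshold;
    }

    // Setter as recommended in the report: zero is rejected.
    function setEggFindThresholdBounded(uint256 newThreshold) external onlyOwner {
        require(newThreshold > 0 && newThreshold <= 100, "Threshold must be between 1 and 100");
        eggFindThreshold = newThreshold;
    }

    // Assumed success rule: a roll in 0..99 wins when it is below the threshold.
    function wouldFind(uint256 randomWord) public view returns (bool) {
        return (randomWord % 100) < eggFindThreshold;
    }

    // Counts how many of the 100 possible rolls win at the current threshold.
    // Under the assumed rule the count equals eggFindThreshold, so a
    // threshold of zero leaves no winning roll at all.
    function winningRolls() external view returns (uint256 wins) {
        for (uint256 roll = 0; roll < 100; roll++) {
            if (wouldFind(roll)) wins++;
        }
    }
}
```
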
Updates

Lead Judging Commences

m3dython Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Gas optimization

Strategy to save gas and minimize transaction costs
