Owner Privilege Abuse in Egg-Finding Threshold Setting
Summary:
The setEggFindThreshold function allows the owner to change the egg-finding threshold during the game, leading to unfair advantages.
Vulnerability Details
The setEggFindThreshold(uint256 newThreshold) function lets the owner change the difficulty of finding eggs at any time, even during an active game. This opens the door for unfair manipulation:
The owner can increase the threshold to favor specific players.
The owner can decrease it to make the game harder for others.
Players can't trust that the rules will stay consistent throughout the game.
This breaks the fairness and predictability essential for trust in game-based smart contracts.
Impact
Unfair Advantage
The owner can manipulate the difficulty to favor specific players by lowering the threshold when they play.Player Trust Loss
Honest players may lose trust in the game, knowing the rules can change at any time.Economic Exploitation
the owner can exploit the system for financial gain.Centralization Risk
The game appears decentralized, but this ability reveals hidden central control over critical gameplay mechanics.Reputation Damage
Projects with manipulable game logic can lose credibility and community support.
Tools Used
manual review
Recommendations
Add a check to ensure the egg-finding threshold can only be changed when the game is not active. This prevents rule changes during gameplay and ensures fairness for all participants.
Lead Judging Commences
Trusted Owner
Owner is trusted and is not expected to interact in ways that would compromise security
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.