Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: medium
Invalid

Incorrect comparison for egg finding threshold in `EggHuntGame::searchForEgg`

Summary

The code contains a vulnerability in the comparison logic for the random value and the `eggFindThreshold`. Currently, the condition checks if `random < eggFindThreshold`, which results in an incorrect threshold comparison. If `random` equals the value of `eggFindThreshold`, the player does not win, even though they should. The comparison should instead check if `random <= eggFindThreshold` to ensure that the percentage chance works as intended.

Vulnerability Details

In the current code, the random value is compared with the `eggFindThreshold` to determine whether the player successfully finds an egg. The issue arises because the condition uses `random < eggFindThreshold`, which excludes the possibility of winning when `random` is equal to `eggFindThreshold`. For example, if the `eggFindThreshold` is set to 20, a random value of 20 will incorrectly fail the condition, even though it should result in a successful egg finding.

```solidity
if (random < eggFindThreshold) {
    eggCounter++;
    eggsFound[msg.sender] += 1;
    eggNFT.mintEgg(msg.sender, eggCounter);
    emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
}
```

Impact

The winning percentage is less than it should be.

Tools Used

  1. Foundry.

  2. Manual Review.

Recommendations

Fix the comparison logic:

- if (random < eggFindThreshold) {
+ if (random <= eggFindThreshold) {
eggCounter++;
eggsFound[msg.sender] += 1;
eggNFT.mintEgg(msg.sender, eggCounter);
emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
}
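Review bot: the switch to `random <= eggFindThreshold` is not justified by anything in the hunk, because the range of `random` is not shown. If `random` is reduced to a zero-based range (for example 0 to 99), then `random < eggFindThreshold` already accepts exactly `eggFindThreshold` values, and `<=` would accept `eggFindThreshold + 1`, so a threshold of 20 would win 21 times in 100 and a threshold of 0 would still let `random == 0` mint an egg. Before changing the operator, state the range `random` is drawn from next to the comparison and add a boundary test at `random == 0`, `random == eggFindThreshold - 1` and `random == eggFindThreshold` that asserts the intended win count.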
Updates

Lead Judging Commences

m3dython Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
