Incorrect Time Remaining Calculation When Game is Manually Ended
Summary
The getTimeRemaining() function in the EggHuntGame contract does not account for the game being manually ended through the endGame() function, leading to misleading information about the game state.
Vulnerability Details
The getTimeRemaining() function only checks if the current time has exceeded the scheduled end time, but ignores the gameActive state variable:
Even after the owner calls endGame() to end the game prematurely, this function will still return a non-zero value until the originally scheduled end time is reached.
Impact
Misleading information provided to users and frontend applications
Potential confusion about whether the game is still active
Inconsistency between the game's actual state and the reported remaining time
Scenario:
Owner starts a game with a duration of 1 hour
After 30 minutes, the owner calls
endGame()to end the game prematurelyThe game is no longer active (
gameActive == false)However,
getTimeRemaining()will still return 30 minutesThis creates confusion as users might think they still have time to participate
Tools Used
Manual review
Recommendations
Modify the getTimeRemaining() function to also check the gameActive state variable:
This change ensures that the function returns 0 when the game has been manually ended, providing consistent and accurate information to users and frontend applications.
Lead Judging Commences
Incomplete end game handling
Incorrect values reported when a game is ended early
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.