Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

The owner of `EggHuntGame` can end game at any time while game is active

0xkemah

Description: The owner of the EggHuntGame contract is allowed to end game at any point during the active duration of the game. This makes it impossible for players to search for eggs, even if the game duration has not yet expired, effectively restricting participation within the stipulated gaming time frame.

Impact: Players can be restricted from participating in the game, even if the stipulated duration has not expired.

Proof of Code:

Code

function test_PlayersCannotJoinGameWithinDuration() public {
// start the game with a duration of 3600 seconds
game.startGame(3600);
// owner stops the game 1000 seconds into the game
vm.warp(block.timestamp + 1000);
game.endGame();
vm.expectRevert("Game not active");
vm.prank(alice);
game.searchForEgg();
assert(block.timestamp < game.endTime());
assert(block.timestamp > game.startTime());
}

Recommended Mitigation: Add a check to the EggHuntGame::endGame function to ensure that the duration of the game has fully elapsed before allowing the owner to end the game. This will help preserve the integrity of the game's intended timeline and ensure fair participation for all players.

function endGame() external onlyOwner {
require(gameActive, "Game not active");
+ require(block.timestamp >= game.endTime);
gameActive = false;
emit GameEnded(block.timestamp);
}
Updates

Lead Judging Commences

m3dython Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Trusted Owner

Owner is trusted and is not expected to interact in ways that would compromise security

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.