Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Incorrect logic for checking if game has ended

0xkemah

Description: The check logic used to determine if game has ended in both EggHuntGame::endGame and EggHuntGame::getGameStatus checks whether block.timestamp is less than or equal to EggHuntGame::endTime. This implies that when the current time is exactly the same as the stipulated end time, a player can still search for eggs. However, the expected behaviour is that when the current time reaches the end time, the game should be over — players should no longer be allowed to search for eggs, and game status should indicate that the game time has elapsed.

These can be seen in the code snippet below:

function searchForEgg() external {
require(gameActive, "Game not active");
require(block.timestamp >= startTime, "Game not started yet");
@> require(block.timestamp <= endTime, "Game ended");
...
}
function getGameStatus() external view returns (string memory) {
if (gameActive) {
if (block.timestamp < startTime) {
return "Game not started yet";
@> } else if (block.timestamp >= startTime && block.timestamp <= endTime) {...}
...
}

Impact: The intended game rule is violated by allowing players to join the game when the current time is equal to the game's end time. This will allow players to gain an unfair advantage by continuing to search for eggs after the game should have ended. It might also cause confusion for players checking to know if the game has ended.

Proof of Code:
Code:

function test_PlayersCanJoinGameWhenCurrentTimeisEqualToEndTime() public {
// owner starts the game with a duration of 100 seconds
game.startGame(100);
// Set the current time to the end time
vm.warp(game.endTime());
// check that bob can join the game
vm.prank(bob);
game.searchForEgg();
// check that game status is still active
string memory status = game.getGameStatus();
assertEq(status, "Game is active");
}

Recommended Mitigation: The comparison logic in EggHuntGame::searchForEgg and EggHuntGame::getGameStatus functions should be updated to use a strict less-than (<) condition instead of less-than-or-equal (<=). This will ensure that when the current time reaches the stipulated end time, the game status will correctly show that the game has ended and players will not be able to search for eggs.

function searchForEgg() external {
require(gameActive, "Game not active");
require(block.timestamp >= startTime, "Game not started yet");
- require(block.timestamp <= endTime, "Game ended");
+ require(block.timestamp < endTime, "Game ended");
...
}
function getGameStatus() external view returns (string memory) {
if (gameActive) {
if (block.timestamp < startTime) {
return "Game not started yet";
}
- else if (block.timestamp >= startTime && block.timestamp <= endTime)
+ else if (block.timestamp >= startTime && block.timestamp < endTime)
...
}
Updates

Lead Judging Commences

m3dython Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.