EggHuntGame.gameActive doesn't toggle on timeout
Summary
On timeout (end of game time defined in EggHuntGame.startGame() call), EggHuntGame.gameActive is still locked as true.
Vulnerability Details
EggHuntGame.gameActive checks if a game is active or not - having it at true (attainable by successfully calling EggHuntGame.startGame()) will lock the ability to start a new game and unlock the ability to search for eggs (while not being timeout) and end that game. Supposedly, a game should only last in the duration defined in the arguments of EggHuntGame.startGame(); however, since there's no check to call EggHuntGame.endGame() automatically when the timeout condition is satisfied, EggHuntGame.gameActive will stay at true for as long as it takes, until someone manually sends a EggHuntGame.endGame() call.
Impact
Low - this will lock out the option to start a new game by calling EggHuntGame.startGame() again, though it can be easily fixed by calling EggHuntGame.endGame() first.
Tools Used
None
Recommendations
The implementation details of EggHuntGame.sol did include logical checks for timeout, so we could inject EggHuntGame.endGame() call before emitting timeout error and reverting the transaction made post-timeout.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.