Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Owner Privileges Could Disrupt Game Flow

Summary

Owner can change contract addresses and game parameters at any time, potentially disrupting an active game.

Vulnerability Details

The owner can call setGameContract(), setEggNFT(), endGame(), etc. at any time, even during an active game session.

Impact

This could lead to inconsistent game state or unexpected failures, or even allow a malicious or compromised owner to manipulate gameplay unfairly.

Tools Used

Code Review

Recommendations

Add game state checks to sensitive functions and consider implementing a time lock for critical changes:

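// In EggstravaganzaNFT
function setGameContract(address _gameContract) external onlyOwner {
    // Skip the check while no game contract is set: calling gameActive() on address(0) would revert
    require(
        gameContract == address(0) || !EggHuntGame(gameContract).gameActive(),
        "Cannot change during active game"
    );
    // Rest of function
}
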
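
A sketch of the time lock recommended above, combined with the active-game check. This is an added example, not code from the Eggstravaganza repository: the contract name, the IGameStatus interface, the two-day delay, the minimal owner check and the queue/apply function names are assumptions; only gameContract and gameActive() come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface: only gameActive() is taken from the finding.
interface IGameStatus {
    function gameActive() external view returns (bool);
}

// Hypothetical sketch, not the EggstravaganzaNFT source.
contract TimelockedGameLink {
    uint256 public constant CHANGE_DELAY = 2 days; // assumed delay
    address public immutable owner;
    address public gameContract;
    address public pendingGameContract;
    uint256 public pendingReadyAt; // 0 means nothing is queued

    event GameContractChangeQueued(address indexed next, uint256 readyAt);
    event GameContractChanged(address indexed previous, address indexed next);

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    // Step 1: announce the change so players can see it before it applies.
    function queueGameContract(address next) external onlyOwner {
        require(next != address(0), "Invalid game contract address");
        pendingGameContract = next;
        pendingReadyAt = block.timestamp + CHANGE_DELAY;
        emit GameContractChangeQueued(next, pendingReadyAt);
    }

    // Step 2: apply only after the delay and only between game sessions.
    function applyGameContract() external onlyOwner {
        require(pendingReadyAt != 0, "Nothing queued");
        require(block.timestamp >= pendingReadyAt, "Timelock not elapsed");
        // An unset gameContract has no code to call, so skip the check then.
        require(
            gameContract == address(0) || !IGameStatus(gameContract).gameActive(),
            "Cannot change during active game"
        );
        emit GameContractChanged(gameContract, pendingGameContract);
        gameContract = pendingGameContract;
        delete pendingGameContract;
        delete pendingReadyAt;
    }
}
```

The queued event gives players a window to notice a pending change before it takes effect, and re-queuing restarts the delay.
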
Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incomplete end game handling

Incorrect values reported when a game is ended early

Appeal created

mishoko Auditor 8 months ago
m3dython Lead Judge 8 months ago