Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Low findings

[L-1]

Owner can end game even if time of the game hasn't elapsed

Summary

The duration of a game is fixed up front, when the game starts. The owner can nevertheless end the game before that predetermined time has elapsed, which is unfair to players.

Vulnerability Details

The function EggHuntGame::endGame can be executed only by the owner, and the only condition it checks is whether the game is active. However, the game also has a duration, recorded in EggHuntGame::endTime. While endTime is greater than block.timestamp the game should not be endable, yet endGame does not check this.

PoC

  1. The owner starts a game with the duration set to 100.

  2. The owner immediately ends the game.

  3. Other players cannot play, although they expect the game to still be running.

The following test should be placed in EggHuntGameTest.t.sol:

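    // Requires console from forge-std, e.g. import {Test, console} from "forge-std/Test.sol";
    function testOwnerCanEndGameWhileEndTimeIsntReached() public {
        vm.startPrank(owner);
        game.startGame(100); // game with a duration of 100
        game.endGame();      // succeeds although the duration has not elapsed
        vm.stopPrank();

        console.log("Game ended at: ", block.timestamp);
        console.log("Game end time: ", game.endTime());
        // The game was ended no later than its scheduled end time.
        assertLe(block.timestamp, game.endTime());
    }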

Impact

Players expect to be able to play as long as the game's duration hasn't elapsed. If the owner calls EggHuntGame::endGame while EggHuntGame::endTime > block.timestamp, any player who then calls EggHuntGame::searchForEgg will have their transaction rejected. That is unfair, because the predetermined condition for how long the game should last still holds.

Tools Used

  • VS Code: Cloned the repository locally and identified the vulnerability through manual review.

Recommendations

The function EggHuntGame::endGame should check one more condition, so that the game cannot be ended before its duration has elapsed.

function endGame() external onlyOwner {
require(gameActive, "Game not active");
+ require(block.timestamp >= endTime, "Game not ended yet");
gameActive = false;
emit GameEnded(block.timestamp);
}
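
Review bot: the added require(block.timestamp >= endTime, ...) leaves the owner with no way to stop a game before endTime, so confirm that removing early termination is intended. If an emergency stop is still wanted, the alternative on this page (setting endTime = block.timestamp inside endGame) keeps it while making the clock consistent. The revert string "Game not ended yet" also reads ambiguously for a call named endGame; a message that names the failed condition, such as "Game duration not elapsed", would be clearer.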

[L-2]

Remaining time of game can be more than 0 after game has ended.

Summary

It makes no sense for a game that has ended to report more than 0 time remaining, yet the owner can cause exactly that situation at will. As a result, players would not have correct information about the game time.

Vulnerability Details

Using EggHuntGame::endGame, the owner can end a game whenever they want. If the time set by EggHuntGame::startGame hasn't elapsed, EggHuntGame::getTimeRemaining then returns a number greater than 0, which is incorrect because the game is no longer active.
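
The scenario above as a self-contained Foundry test, added here as an example and not part of the original submission or the project's code. TimingModel is a constructed stand-in whose function bodies are assumptions (access control is omitted), and its patched flag applies the endTime = block.timestamp assignment from the first recommendation of this finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the timing state of EggHuntGame. Only names used in
// the report are modelled; bodies are assumptions and onlyOwner is left out.
contract TimingModel {
    uint256 public endTime;
    bool public gameActive;
    bool public immutable patched; // true = also reset endTime in endGame

    constructor(bool _patched) { patched = _patched; }

    function startGame(uint256 duration) external {
        endTime = block.timestamp + duration;
        gameActive = true;
    }

    function endGame() external {
        require(gameActive, "Game not active");
        gameActive = false;
        if (patched) endTime = block.timestamp; // clock now agrees with the flag
    }

    function getTimeRemaining() external view returns (uint256) {
        return block.timestamp >= endTime ? 0 : endTime - block.timestamp;
    }
}

contract TimeRemainingAfterEarlyEndTest is Test {
    // Starts a 100-second game and ends it after 10 seconds.
    function _endEarly(bool patched) internal returns (TimingModel m) {
        m = new TimingModel(patched);
        m.startGame(100);
        vm.warp(block.timestamp + 10);
        m.endGame();
    }

    function testUnpatchedReportsStaleTime() public {
        TimingModel m = _endEarly(false);
        assertFalse(m.gameActive());
        assertEq(m.getTimeRemaining(), 90); // inactive game, time still reported
    }

    function testPatchedReportsZero() public {
        TimingModel m = _endEarly(true);
        assertFalse(m.gameActive());
        assertEq(m.getTimeRemaining(), 0);
    }
}
```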

Impact

A player can call EggHuntGame::getTimeRemaining and see that the remaining time is more than 0. They may then try to play by calling EggHuntGame::searchForEgg, but since the game is not active their transaction will fail.

Tools Used

  • VS Code: Cloned the repository locally and identified the vulnerability through manual review.

Recommendations

There are 2 possible solutions:

  • When the owner calls EggHuntGame::endGame, the function can set EggHuntGame::endTime to block.timestamp. That would indicate that the game's time has elapsed.

function endGame() external onlyOwner {
require(gameActive, "Game not active");
gameActive = false;
+ endTime = block.timestamp;
emit GameEnded(block.timestamp);
}
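
Review bot: the added endTime = block.timestamp overwrites the scheduled end time, and GameEnded(block.timestamp) carries only the actual end, so after this change neither state nor the event distinguishes an early end from a normal one. Consider emitting the previous endTime alongside the actual end time before overwriting it. This option and the require-based one are also mutually exclusive, so the recommendation should say which one applies when both findings are fixed.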
  • When the owner calls EggHuntGame::endGame while EggHuntGame::endTime > block.timestamp, the call reverts.

function endGame() external onlyOwner {
require(gameActive, "Game not active");
+ require(endTime <= block.timestamp, "Time of game hasn't elapsed yet")
gameActive = false;
emit GameEnded(block.timestamp);
}
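
Review bot: the added require line has no terminating semicolon, so endGame will not compile as written; it should end with `);`. It is also the same check as the one recommended for L-1 with the operands swapped and a different revert string, so one form and one message should be used in both places.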
Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incomplete end game handling

Incorrect values reported when a game is ended early
