Incorrect value of remaining game time
Note: The documentation does not clarify whether the game owner is allowed to end the game before the scheduled end time. In the scenario presented below, the owner of the game contract can end the game before the specified time limit.
Summary
When the game owner ends the game before the initial time limit, calling the EggHuntGame::getTimeRemaining function still returns the remaining time based on the initial duration. This is incorrect, as the game is no longer active. The function should reflect that the game has ended and return zero instead.
Vulnerability Details
When the owner starts the game, he sets its duration but can also choose to end it early. Any user can call the EggHuntGame::getTimeRemaining function to check how much time is left. However, if the owner ends the game early, this function still returns the time remaining based on the original duration, which is incorrect.
Impact
The possibility that the EggHuntGame::getTimeRemaining function may return an invalid value.
Proof of Code
Add the following code to the EggHuntGameTest.t.sol file within the EggGameTest contract.
Tools Used
Manual Review
Foundry
Recommended Mitigation
To ensure the function always returns the correct value, it should also check whether the game is still active. Recommended changes in the EggHuntGame contract.
Lead Judging Commences
Incomplete end game handling
Incorrect values reported when a game is ended early
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.