Premature Game Termination Vulnerability in EggHuntGame Contract
Summary
In the `EggHuntGame::endgame` unction lacks a check to verify that the game duration has elapsed before ending the game. Although a helper function getTimeRemaining() exists, its logic is not enforced in endGame(), potentially allowing the game owner to end the game prematurely.
Vulnerability Details
The EggHuntGame contract allows the owner to end a game by calling the endGame() function. However, this function only checks if the game is active, not whether the scheduled end time has passed. As a result, the owner can terminate the game before the intended duration is complete, affecting game fairness and user expectations. This issue is classified as medium severity if the design intends to run the game until endTime.
Impact
Without the time check, the game owner might accedently end the game prematurly potentially impacting rewards or game dynamics.
Tools Used
Manual review
Recommendations
Modify the function to have a requirement like this
Lead Judging Commences
Trusted Owner
Owner is trusted and is not expected to interact in ways that would compromise security
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.