The EggHuntGame.sol contract allows the game owner to call endGame() at any time while the game is active, without enforcing that the scheduled endTime has passed. This gives the owner the ability to prematurely terminate the game, potentially disrupting gameplay and creating an unfair experience for players who are actively participating.
While endGame() does ensure that the game is active before ending it, there is no check that the current block timestamp (block.timestamp) has reached or passed the predefined endTime.
This allows the owner to terminate the game arbitrarily early — even seconds after it started — undermining the purpose of having a game duration at all.
Unfair Gameplay: Players may be actively trying to mint eggs and suddenly find the game terminated by the owner.
Loss of Trust: The ability to arbitrarily end the game can cause players to question the fairness and integrity of the game.
Potential Abuse: The owner can use this to deny others the opportunity to collect eggs, giving an unfair advantage to insiders or bots run by the owner.
Inconsistent User Experience: Frontends may reflect misleading "time remaining" while the backend arbitrarily ends the session.
Manual Review
Implement a check in endGame() to ensure that the current time has passed the scheduled end:
Alternative or additional recommendations:
Allow early termination only under a special "emergency stop" condition (with event logging).
Allow early termination only if a majority of players vote to end the game (DAO-style logic).
Log a reason when ending early, for transparency.
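A sketch of the time check and the logged emergency stop recommended above. This is an added example, not code from EggHuntGame.sol: only endGame(), endTime and block.timestamp come from the finding, while the contract name, gameActive, startGame(), emergencyEndGame(), the GameEnded event and the custom errors are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contract; every name except endGame() and endTime is assumed.
contract EggHuntGameSketch {
    address public immutable owner;
    uint256 public endTime;
    bool public gameActive;

    // One event for both paths so indexers can tell scheduled from early endings.
    event GameEnded(uint256 endedAt, bool early, string reason);

    error NotOwner();
    error GameNotActive();
    error GameNotOver(uint256 nowTs, uint256 scheduledEnd);
    error ReasonRequired();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function startGame(uint256 duration) external onlyOwner {
        endTime = block.timestamp + duration;
        gameActive = true;
    }

    // Normal path: reverts until the scheduled end has been reached.
    function endGame() external onlyOwner {
        if (!gameActive) revert GameNotActive();
        if (block.timestamp < endTime) revert GameNotOver(block.timestamp, endTime);
        gameActive = false;
        emit GameEnded(block.timestamp, false, "");
    }

    // Emergency path: an early stop is still possible, but never without a logged reason.
    function emergencyEndGame(string calldata reason) external onlyOwner {
        if (!gameActive) revert GameNotActive();
        if (bytes(reason).length == 0) revert ReasonRequired();
        bool early = block.timestamp < endTime;
        gameActive = false;
        emit GameEnded(block.timestamp, early, reason);
    }
}
```

The emergency path leaves the decision with the owner; it only makes every early termination visible on-chain, so frontends and players can distinguish it from a scheduled end.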