Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

[L-02] `eggFindTreshold` should not be adjusted during an active game

vladich0x

Summary

[L-02] eggFindTreshold should not be adjusted during an active game

Vulnerability Details

The function EggHuntGame.sol::setEggFindThreshold() allows the game owner to adjust the egg-fining chance setting up the state varialbe eggFindTreshold. There is no check if the treshold is updated during an active game. This will compromise the game fairness and will lead to different possibility of egg-finding for different players.

function setEggFindThreshold(uint256 newThreshold) external onlyOwner { // game config should not be updated during active games
require(newThreshold <= 100, "Threshold must be <= 100");
eggFindThreshold = newThreshold;
}

Impact

Missing a check for state variable gameActive allows the game owner to update the treshold during an active game, which leads to:

  • compromising the game fairness

Tools Used

Manual review

Recommendations

Add the following check to EggHuntGame.sol::setEggFindThreshold()

function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
+ require(!gameActive, "Game is active");
require(newThreshold <= 100, "Threshold must be <= 100");
eggFindThreshold = newThreshold;
}
Updates

Lead Judging Commences

m3dython Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Trusted Owner

Owner is trusted and is not expected to interact in ways that would compromise security

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.