Eggstravaganza

Summary

The searchForEgg in EggHuntGame contract fails to validate the success of the mintEgg function call before updating the contract state and emitting the EggFound event, which may lead to state inconsistency if minting fails.

Vulnerability Details

Vulnerability Exists in https://github.com/CodeHawks-Contests/2025-04-eggstravaganza/blob/main/src/EggHuntGame.sol#L78

If mintEgg fails due to reverted call, out-of-gas, or internal logic rejection, the contract will still increment counters and emit events, leading to:

• Incorrect egg counts: The counter will be updated without a successful minting.

• False event logs: The event will be emitted even if no egg is minted.

• Broken game logic and false positives: This misalignment in state can cause confusion, leading to incorrect player data or game flow issues.

Impact

Although this does not risk funds or NFTs directly, it causes inconsistencies in the contract's state and behavior. Based on CodeHawks severity guidelines, this qualifies as a Low severity finding.

• State misalignment between the game and NFT contracts.

• Difficulties in debugging, tracking rewards, and player frustration.

Tools Used

Manual code review and analysis

Proof of Concept

In this scenario, if the mintEgg function fails, the contract will still increment the counters and emit the event. This can be exploited by triggering a failure in mintEgg, resulting in incorrect state changes.

Example of inconsistent behavior:

1. A player calls searchForEgg().

2. The random number is less than eggFindThreshold, so the game proceeds.

3. mintEgg fails due to an any internal issue.

4. The state eggCounter and eggsFound[msg.sender] is updated.

5. The event EggFound is emitted despite the failure, creating inconsistency.

Recommendations

The contract should follow the Check, Effect, Interaction pattern to avoid state changes before confirming external interactions succeed. Update the logic to require that minting succeeds before proceeding: