Submission Details
Severity:
No way of knowing if the search is successful or not
Summary
When a player searches for eggs calling the searchForEggs() function, there is no direct way of knowing if the search was successful or not. The function doesn't return a find status.
Unless they check their wallet, check eggsFound or locking through transaction details.
Vulnerability Details
No feedback for players on performed searches
Impact
Negative impact on players experience
Tools Used
Forge Test, Remix, Manual review
Recommendations
Add return messages for succesfull/unsuccessful searches
/// @notice Participants call this function to search for an egg.
/// A pseudo-random number is generated and, if below the threshold, an egg is found.
function searchForEgg() external returns (string memory searchStatus) {
require(gameActive, "Game not active");
require(block.timestamp >= startTime, "Game not started yet");
require(block.timestamp <= endTime, "Game ended");
require(10 <= eggFindThreshold, "Threshold must be >= 10"); // Values lower than 10 not allowed
// Pseudo-random number generation (for demonstration purposes only)
uint256 random =
uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))) % 100;
if (random < eggFindThreshold) {
eggCounter++;
eggsFound[msg.sender] += 1;
eggNFT.mintEgg(msg.sender, eggCounter);
emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
return "Congratulations! You found one egg!"; // Message to signal a successful search
} else {
return "Unsuccsessful search! Try again!"; // // Message to signal a unsuccessful search
}
}
This can also be done in the front end side.
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.