Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Time Verification When Ending the Game

jfornells

Description:

In EggHuntGame::endGame, the contract does not validate whether the game's duration has fully elapsed before allowing the owner to end it. This enables the owner to terminate the game prematurely.

Impact:
Players may lose the opportunity to participate and obtain an EggstravaganzaNFT, which affects the fairness of the game.

Proof of Concept:

function test_endGame() public {
vm.startPrank(owner);
// Owner starts the game with a duration of 1 week.
game.startGame(1 weeks);
// After 2 days, the owner ends the game.
vm.warp(block.timestamp + 2 days);
game.endGame();
// Verifies that the game is no longer active.
assertFalse(game.gameActive());
}

Result:

Ran 1 test for test/EggHuntGamesTest2.t.sol:EggGameTest2
[PASS] test_endGame() (gas: 66225)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 4.30ms (1.18ms CPU time)

Tools Used

Manual review, Foundry

Recommended Mitigation:

It is recommended to add a check to ensure that the game time has elapsed before allowing the owner to end the game. This ensures the game runs for its intended duration and prevents premature termination.

function endGame() external onlyOwner {
+ require(block.timestamp >= endTime, "Game time has not ended yet");
require(gameActive, "Game not active");
gameActive = false;
emit GameEnded(block.timestamp);
}
Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Trusted Owner

Owner is trusted and is not expected to interact in ways that would compromise security

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.