Incorrect time remaining calculation when game ends early
Summary
The getTimeRemaining function calculates the time left based on the scheduled endTime. However, if the game is manually ended early via the endGame function, getTimeRemaining will still report a non-zero remaining time until the original endTime is reached, which is inaccurate.
Vulnerability Details
The getTimeRemaining function calculates the remaining time as the difference between the endTime state variable and the current block.timestamp:
The endGame function allows the owner to stop the game prematurely by setting the gameActive flag to false:
Critically, endGame does not update the endTime variable. Consequently, if endGame is called before the initially scheduled endTime, the getTimeRemaining function will continue to return a positive value, suggesting the game is still running for the remainder of the originally scheduled duration, even though gameActive is false.
Impact
This discrepancy can mislead users or front-end applications relying on getTimeRemaining to display the game's status. It might show time remaining for a game that is actually inactive, causing confusion or potentially impacting user interactions based on perceived game state.
Tools Used
Manual Review
Recommendations
Modify the getTimeRemaining function to consider the gameActive status. If the game is not active, it should return 0 regardless of the endTime.
Lead Judging Commences
Incomplete end game handling
Incorrect values reported when a game is ended early
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.