Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
Submission Details
Severity: low
Valid

Premature Game Termination by Owner

Summary

The endGame() function allows the owner to terminate the game before the scheduled endTime, disrupting the game's fairness and expected duration.


Vulnerability Details

Location: EggHuntGame.sol, endGame() function
Code Snippet:

function endGame() external onlyOwner {
    require(gameActive, "Game not active");
    gameActive = false; // 🚨 No check for `block.timestamp >= endTime`
    emit GameEnded(block.timestamp);
}

Impact

Issue:

  • Missing Time Validation: The owner can call endGame() at any time (even before endTime), forcibly stopping the game.

  • Contradicts Game Logic: The searchForEgg() function checks both gameActive and block.timestamp <= endTime. Prematurely setting gameActive = false blocks players from searching even during the valid game period.

Attack Scenario:

  1. Game is scheduled to run for 24 hours (startTime = T, endTime = T + 86400).

  2. Owner calls endGame() at T + 12 hours.

  3. gameActive becomes false, and players cannot call searchForEgg() despite 12 hours remaining.


Tools Used

  • Manual review


Recommendations

Restrict endGame() to Post-endTime (If Manual Control is Necessary):

function endGame() external onlyOwner {
    require(gameActive, "Game not active");
    require(block.timestamp >= endTime, "Game not yet ended"); // 🛡️ Add check
    gameActive = false;
    emit GameEnded(block.timestamp);
}
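
A Foundry regression test for the scenario and recommendation above, added here as an example; it is not part of the submission or the project's code. GameModel, start(), endGameUnchecked() and the "Game ended" and "Not owner" revert strings are constructed stand-ins, and forge-std is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Constructed stand-in for EggHuntGame: only the state and checks the finding names.
contract GameModel {
    address public owner = msg.sender;
    bool public gameActive;
    uint256 public endTime;
    modifier onlyOwner() { require(msg.sender == owner, "Not owner"); _; }
    // Hypothetical setup helper; the page does not show how the game is started.
    function start(uint256 d) external onlyOwner { gameActive = true; endTime = block.timestamp + d; }
    // The two conditions the finding says searchForEgg() checks (revert strings assumed).
    function searchForEgg() external view {
        require(gameActive, "Game not active");
        require(block.timestamp <= endTime, "Game ended");
    }

    function endGameUnchecked() external onlyOwner { // behaviour as reported
        require(gameActive, "Game not active");
        gameActive = false;
    }

    function endGame() external onlyOwner { // with the recommended time check
        require(gameActive, "Game not active");
        require(block.timestamp >= endTime, "Game not yet ended");
        gameActive = false;
    }
}

contract EndGameTimingTest is Test {
    GameModel game;
    function setUp() public { game = new GameModel(); game.start(24 hours); }

    function test_uncheckedEndLocksPlayersOutEarly() public {
        vm.warp(block.timestamp + 12 hours); // T + 12h, half the game left
        game.endGameUnchecked();
        vm.expectRevert(bytes("Game not active"));
        game.searchForEgg();
    }

    function test_checkedEndRevertsUntilEndTime() public {
        vm.warp(block.timestamp + 12 hours);
        vm.expectRevert(bytes("Game not yet ended"));
        game.endGame();
        vm.warp(game.endTime()); // boundary: exactly endTime is allowed
        game.endGame();
        assertFalse(game.gameActive());
    }
}
```
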
Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incomplete end game handling

Incorrect values reported when a game is ended early
