The RockPaperScissors contract has no timeoutCommit function. A malicious player A can create a game, wait for player B to join, and then simply never commit a move. Because only the game creator (player A) can cancel the game, player B's stake is locked and the game state can never advance. Player A gains nothing from this, since player A's own stake is locked as well; it is a pure griefing attack on player B.
The attack path is:
1. Malicious player A creates a game and waits for player B to join.
2. Player A refuses to commit a move.
3. Player B cannot cancel the game, so player B's stake stays locked.
Place the following test into RockPaperScissorsTest.t.sol and run: forge test --mt testPlayerBCannotCancelGame
Impact: High, player B's funds are stuck and the game is stuck.
Likelihood: Low, there is no benefit to player A, whose own funds are stuck as well in this griefing attack.
Severity: Medium
Manual review
Implement a timeoutCommit function that lets either player (or anyone) cancel the game and refund both stakes once a timeout duration has elapsed without one of the players committing a move. The deadline should start when player B joins, and the function should update the game state before any funds are moved.
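As an added illustration of the recommendation (this is example code written for this page, not the audited RockPaperScissors contract; the state names, COMMIT_TIMEOUT value and function signatures are assumptions), the following minimal contract shows a commit phase with a deadline that starts when the second player joins, a creator-only cancel that is only allowed while nobody else has funds in the game, and a timeoutCommit that anyone can call after the deadline to unlock both stakes:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative commit-phase timeout (added example, not the audited contract).
/// State is updated before any value movement, and refunds are pull-based so a
/// player whose receive() reverts cannot block the other player's refund.
contract RpsCommitTimeoutExample {
    enum State { Open, Joined, Committed, Cancelled }

    struct Game {
        address playerA;
        address playerB;
        uint256 stake;
        bytes32 commitA;
        bytes32 commitB;
        uint256 commitDeadline; // starts when player B joins
        State state;
    }

    uint256 public constant COMMIT_TIMEOUT = 1 days; // assumed value
    uint256 public gameCount;
    mapping(uint256 => Game) public games;
    mapping(address => uint256) public pendingWithdrawals;

    function createGame() external payable returns (uint256 id) {
        require(msg.value > 0, "no stake");
        id = ++gameCount;
        Game storage g = games[id];
        g.playerA = msg.sender;
        g.stake = msg.value;
        g.state = State.Open;
    }

    function joinGame(uint256 id) external payable {
        Game storage g = games[id];
        require(g.state == State.Open, "not joinable");
        require(msg.sender != g.playerA, "creator cannot join");
        require(msg.value == g.stake, "wrong stake");
        g.playerB = msg.sender;
        g.commitDeadline = block.timestamp + COMMIT_TIMEOUT;
        g.state = State.Joined;
    }

    function commitMove(uint256 id, bytes32 commitment) external {
        Game storage g = games[id];
        require(g.state == State.Joined, "not in commit phase");
        require(block.timestamp <= g.commitDeadline, "commit window closed");
        require(commitment != bytes32(0), "empty commitment");
        if (msg.sender == g.playerA) {
            require(g.commitA == bytes32(0), "already committed");
            g.commitA = commitment;
        } else if (msg.sender == g.playerB) {
            require(g.commitB == bytes32(0), "already committed");
            g.commitB = commitment;
        } else {
            revert("not a player");
        }
        if (g.commitA != bytes32(0) && g.commitB != bytes32(0)) {
            g.state = State.Committed; // the reveal phase would follow from here
        }
    }

    /// Creator-only cancel is only safe while no opponent has funds in the game.
    function cancelGame(uint256 id) external {
        Game storage g = games[id];
        require(msg.sender == g.playerA, "not creator");
        require(g.state == State.Open, "opponent already joined");
        g.state = State.Cancelled;
        pendingWithdrawals[g.playerA] += g.stake;
    }

    /// The missing function: once the commit deadline has passed while the game
    /// is still in the commit phase (so at least one commitment is absent by
    /// construction), anyone, in practice the stuck player, can cancel the game
    /// and both stakes become withdrawable.
    function timeoutCommit(uint256 id) external {
        Game storage g = games[id];
        require(g.state == State.Joined, "not in commit phase");
        require(block.timestamp > g.commitDeadline, "deadline not reached");
        g.state = State.Cancelled;
        pendingWithdrawals[g.playerA] += g.stake;
        pendingWithdrawals[g.playerB] += g.stake;
    }

    function withdraw() external {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingWithdrawals[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

In a Foundry test the timeout path is exercised by having player B join, calling vm.warp(block.timestamp + COMMIT_TIMEOUT + 1), then calling timeoutCommit and withdraw as player B and asserting the stake came back. Refunding both stakes is the conservative choice that matches the recommendation; awarding both stakes to the player who did commit is an alternative product decision, but either way the important property is that no player can lock the other's funds by doing nothing.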
Protocol does not provide a way for Player B to exit a game and reclaim their stake if Player A stops participating