Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

joinGameWithEth and joinGameWithToken functions do not have any access control

Summary

The joinGameWithEth and joinGameWithToken functions do not have any access control and can be called multiple times by multiple users, which can overwrite the current playerB (the second player to join).

Vulnerability Details

Consider the following scenario:
1. Player A starts a game with a bet amount of 1 ETH.
2. A game is created with gameId 0.
3. Player B joins the game by entering the gameId (gameId = 0) and the bet amount of 1 ETH.
4. Player C joins the same game (gameId = 0).
In this case, Player C is now the second player in the game, not Player B.

Anyone can enter a game at any turn and commit a move, which is very risky.

Impact

This is a high-risk vulnerability: anyone can enter a game at any turn, overwrite the second player in the game, and commit a move.

Tools Used

Foundry

Recommendations

Add a check that ensures the joinGameWithEth and joinGameWithToken functions can be called only if the second player variable in the game struct is empty.
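
The recommended check, shown next to the unguarded behaviour, as an added Solidity sketch (not the audited contract's code). The struct layout, the `Joined` state, `createGameWithEth` and `joinGameWithEthUnchecked` are assumptions made for illustration; the state transition reflects the assigned finding tag about the game remaining in `Created` after a join.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified model of the join flow, not the audited contract.
// Struct layout, state names and all function names except joinGameWithEth are assumptions.
contract JoinGuardSketch {
    enum GameState { Created, Joined }

    struct Game {
        address playerA;
        address playerB; // address(0) until a second player joins
        uint256 bet;
        GameState state;
    }

    mapping(uint256 => Game) public games;
    uint256 public gameCounter; // first game gets gameId 0

    function createGameWithEth() external payable returns (uint256 gameId) {
        require(msg.value > 0, "Bet required");
        gameId = gameCounter++;
        games[gameId] = Game(msg.sender, address(0), msg.value, GameState.Created);
    }

    // Unguarded form, matching the finding: any later caller with a matching
    // bet replaces playerB, and the state never leaves Created.
    function joinGameWithEthUnchecked(uint256 gameId) external payable {
        Game storage game = games[gameId];
        require(game.playerA != address(0), "No such game");
        require(msg.value == game.bet, "Bet must match");
        game.playerB = msg.sender; // overwrites any previous joiner
    }

    // Guarded form: the second-player slot must be empty, and the state
    // advances so the same game cannot be joined again.
    function joinGameWithEth(uint256 gameId) external payable {
        Game storage game = games[gameId];
        require(game.playerA != address(0), "No such game");
        require(game.state == GameState.Created, "Game not open");
        require(game.playerB == address(0), "Game already has a second player");
        require(msg.value == game.bet, "Bet must match");
        game.playerB = msg.sender;
        game.state = GameState.Joined;
    }
}
```

With the guarded function, Player C's call in the scenario above reverts instead of replacing Player B; the same two checks apply to the token variant.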

Updates

Appeal created

m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Absence of State Change on Join Allows Player B Hijacking

Game state remains Created after a player joins
