Anyone can modify the game state to cancelled
Here we do not create any game and are still able to emit the RockPaperScissors::GameCancelled event for any gameId in RockPaperScissors::games
Ran 1 test for test/RockPaperScissorsTest.t.sol:RockPaperScissorsTest
[PASS] testTimeoutJoinScenario() (gas: 44160)
Traces:
[44160] RockPaperScissorsTest::testTimeoutJoinScenario()
├─ [0] VM::prank(playerA: [0x23223AC37AC99a1eC831d3B096dFE9ba061571CF])
│ └─ ← [Return]
├─ [32907] RockPaperScissors::timeoutJoin(1)
│ ├─ emit GameCancelled(gameId: 1)
│ └─ ← [Return]
└─ ← [Return]
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.12ms (48.25µs CPU time)
-> Many real-world DeFi frontend applications rely on the events emitted by the contract to show a quick confirmation in the UI. If someone has created a new game, the next minute an attacker can have that gameId emitted as cancelled to trick new users
-> This will modify the game.state value too
-> This may impact all the conditions wherever we are using checks based on game.state
For the game.state change, we need to follow this one
We need to mitigate this default enum risk here
Only emit the event when the game is really cancelled
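An added sketch of this mitigation, not the audited contract's code; the struct layout, gameCounter, createGame and the Uninitialized enum member are assumptions. In Solidity a mapping entry that was never written reads as all zeros, so an enum field takes its first member; reserving that member as a sentinel and checking that the game exists keeps timeoutJoin from changing state or emitting GameCancelled for a game nobody created.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Illustrative sketch only (assumed names and layout), not the project's contract.
contract GameStateSketch {
    // Sentinel first: a never-created game reads as Uninitialized, not Created.
    enum GameState { Uninitialized, Created, Cancelled }

    struct Game {
        address playerA;
        address playerB;
        uint256 joinDeadline;
        GameState state;
    }

    mapping(uint256 => Game) public games;
    uint256 public gameCounter;

    event GameCancelled(uint256 indexed gameId);

    // Hypothetical creation path: the only place a game reaches the Created state.
    function createGame(uint256 joinWindow) external returns (uint256 gameId) {
        gameId = ++gameCounter;
        games[gameId] = Game(msg.sender, address(0), block.timestamp + joinWindow, GameState.Created);
    }

    function timeoutJoin(uint256 gameId) external {
        Game storage game = games[gameId];

        // Existence check: an unset mapping slot has playerA == address(0).
        require(game.playerA != address(0), "Game does not exist");
        // With the sentinel in place, a zeroed slot also fails this state check.
        require(game.state == GameState.Created, "Game not in created state");
        require(game.playerB == address(0), "Someone has joined the game");
        require(block.timestamp > game.joinDeadline, "Join deadline not reached");

        // State change and event happen only for a real, expired, unjoined game.
        game.state = GameState.Cancelled;
        emit GameCancelled(gameId);
    }
}
```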
timeoutJoin function allows cancellation and emits a GameCancelled event for any game ID