Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Missing Commit Phase Timeout Vulnerability

Summary

The commitMove function contains a critical Denial-of-Service vulnerability: players can indefinitely stall game progression after the first turn. This allows malicious actors to lock funds and disrupt legitimate gameplay, potentially causing significant financial losses and reputational damage.

Vulnerability Details

Commit Phase Timeout

commitMove function

🔗 Code Reference

Impact

Staked ETH/tokens remain permanently locked
Potential total loss of deposited funds
Unrecoverable assets due to indefinite game stall

Tools Used

Manual code review of commitMove function

Recommendations

Implement timeout mechanism for commit phase
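
One way to implement this recommendation, shown as an added sketch that is not the audited contract's code. Apart from commitMove, every name here (CommitTimeoutSketch, COMMIT_WINDOW, join, claimCommitTimeout, owed, withdraw) and the 10-minute window are assumptions, and the sketch models a single turn; a multi-turn game would clear the commitments and restart the deadline at the start of each turn.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration; all names except commitMove are hypothetical.
contract CommitTimeoutSketch {
    uint256 public constant COMMIT_WINDOW = 10 minutes; // assumed value
    address public immutable playerA;
    address public immutable playerB;
    uint256 public immutable stake;
    mapping(address => bytes32) public commitOf;
    mapping(address => uint256) public owed; // pull-payment balances
    uint256 public commitDeadline;           // 0 until both stakes are in
    bool public finished;

    constructor(address b) payable {
        playerA = msg.sender;
        playerB = b;
        stake = msg.value;
    }

    function join() external payable {
        require(msg.sender == playerB && msg.value == stake && commitDeadline == 0, "bad join");
        commitDeadline = block.timestamp + COMMIT_WINDOW; // clock starts with the turn
    }

    function commitMove(bytes32 commitHash) external {
        require(!finished && commitDeadline != 0, "not active");
        require(msg.sender == playerA || msg.sender == playerB, "not a player");
        require(block.timestamp <= commitDeadline, "commit window closed");
        require(commitHash != bytes32(0) && commitOf[msg.sender] == bytes32(0), "bad commit");
        commitOf[msg.sender] = commitHash;
    }

    // Anyone can settle a stalled commit phase once the deadline has passed.
    function claimCommitTimeout() external {
        require(!finished && commitDeadline != 0, "not active");
        require(block.timestamp > commitDeadline, "window still open");
        bool a = commitOf[playerA] != bytes32(0);
        bool b = commitOf[playerB] != bytes32(0);
        require(!(a && b), "both committed");
        finished = true;
        if (a != b) { owed[a ? playerA : playerB] += 2 * stake; } // sole committer takes the pot
        else { owed[playerA] += stake; owed[playerB] += stake; }  // nobody committed: refund
    }

    function withdraw() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0; // zero the balance before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

With a deadline in place, a player who never commits forfeits the stake instead of locking it, and a game where neither side commits ends in a refund rather than a permanent stall.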

Updates

Appeal created

m3dython Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Game State Manipulation Preventing Opponent Commit

Attack allows a player to reveal their move for the next turn before the opponent commits
