Rock Paper Scissors
First Flight #38
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

player can call `timeoutJoin` on any non-existing game, and `canTimeoutJoin` will return true on any non-existing game

vincent71399

Description: Since the enum GameState:Created is 0, if a game is not created, when reading the state of the game,
it will return 0, same as GameState:Created. This cause game.state == GameState.Created to return true on any non-existing game.

Impact: canTimeoutJoin will return incorrect information, which can lead to misleading decisions by users or other contracts.

Proof of Concept: add the following test and run it

function testAuditTimeoutJoinNonExistGame(uint256 anyNonExistGame) public {
(address _playerA, address _playerB,,,,,,,,,,,,,,) = game.games(anyNonExistGame);
vm.assume(_playerA == address(0) && _playerB == address(0)); // ensure it is a non-existing game
vm.startPrank(playerB);
assertTrue(game.canTimeoutJoin(anyNonExistGame)); // it provides wrong information
game.timeoutJoin(anyNonExistGame);
vm.stopPrank();
}

Recommended Mitigation:
add a game state None at the beginning of the enum

enum GameState {
None,
Created,
Committed,
Revealed,
Finished,
Cancelled
}
Updates

Appeal created

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational

Code suggestions or observations that do not pose a direct security risk.

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational

Code suggestions or observations that do not pose a direct security risk.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.