Rock Paper Scissors

First Flight #38
Submission Details
Severity: high
Invalid

[H-08] Missing Success Check in Token Refund (`_cancelGame`)

Summary

The _cancelGame() function attempts to mint tokens back to players in games without an Ether bet (game.bet == 0). However, it does not check the success of the winningToken.mint() operation. If the minting fails (e.g., due to contract issues or reaching token supply limits), players might not receive their refund, leading to loss of funds or inconsistent game states.

Vulnerability Details

  • Unchecked Minting: The code calls winningToken.mint() without checking the return value or emitting events that indicate success or failure of the minting operation.

```solidity
function _cancelGame(uint256 _gameId) internal {
    // ...
    if (game.bet == 0) {
        if (game.playerA != address(0)) {
            winningToken.mint(game.playerA, 1);
        }
        if (game.playerB != address(0)) {
            winningToken.mint(game.playerB, 1);
        }
    }
}
```
  • Inconsistent State: If the mint() operation fails for one or both players, the game will be marked as Cancelled, but the players might not have received their tokens back, leading to an inconsistent state where the contract holds tokens that should have been refunded.

Impact

  • Players in token-based games might not receive their tokens back if the minting fails during cancellation.

  • The game state is marked as Cancelled, but the token refund might not have occurred.

Tools Used

  • Manual Code Review

Recommendations

  • Check the return value of the mint() function if the winningToken contract provides one, or rely on emitted events to ensure the minting was successful. If the winningToken does not provide a reliable way to check success, consider using safeMint().
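The refund path from the finding next to a hardened variant, as an added example that is not the contest's own code. It assumes a minimal `IWinningToken` interface exposing `mint(address,uint256)` and `balanceOf(address)`; the hardened variant verifies the recipient's balance actually grew instead of trusting the external call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed interface of the game's token (hypothetical; mirrors the calls made in _cancelGame).
interface IWinningToken {
    function mint(address to, uint256 amount) external;
    function balanceOf(address account) external view returns (uint256);
}

contract RefundExample {
    IWinningToken public immutable winningToken;

    error RefundMintFailed(address player, uint256 expected, uint256 actual);

    constructor(IWinningToken token) {
        winningToken = token;
    }

    // Refund as written in the finding: the outcome of the external mint is not observed.
    // Note: if mint() reverts (as an OpenZeppelin-style ERC20 _mint does on failure), the
    // revert propagates and the caller never reaches the point where the game is marked Cancelled.
    function refundUnchecked(address player) internal {
        if (player != address(0)) {
            winningToken.mint(player, 1);
        }
    }

    // Hardened refund: measure the balance before and after the mint and revert if the
    // recipient did not receive exactly the refunded amount. This catches a token whose
    // mint() silently does nothing (e.g. a supply cap enforced by returning early) without
    // depending on a bool return value or on events, which on-chain code cannot read.
    function refundChecked(address player) internal {
        if (player == address(0)) {
            return;
        }
        uint256 before = winningToken.balanceOf(player);
        winningToken.mint(player, 1);
        uint256 after_ = winningToken.balanceOf(player);
        if (after_ != before + 1) {
            revert RefundMintFailed(player, before + 1, after_);
        }
    }
}
```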

Updates

Appeal created

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Missing Check on External Call Return Value

ERC20 implementation typically reverts on transfer failures

