Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: medium
Valid

H-02. [H-2] ETH Locked in Cancelled Games

Summary

If a game is cancelled after the join deadline has passed but before any moves are committed, the ETH remains trapped in the contract until someone explicitly calls `cancelGame` or `timeoutJoin`.

Vulnerability Details

Proof of Concept

```solidity
// Foundry test; playerA, game, gameId, BET_AMOUNT and TIMEOUT are
// state of the test contract, set up in setUp().
function testLockedFunds() public {
    vm.prank(playerA);
    gameId = game.createGameWithEth{value: BET_AMOUNT}(1, TIMEOUT);
    // Let the join deadline pass
    vm.warp(block.timestamp + 25 hours);
    // Funds are still locked: nothing refunds playerA on its own
    assertEq(address(game).balance, BET_AMOUNT);
    // Only an explicit timeout call releases the stake
    vm.prank(playerA);
    game.timeoutJoin(gameId);
}
```

Impact

Funds remain locked indefinitely if players abandon their games and nobody calls the timeout or cancel functions.

Tools Used

  1. Foundry

  2. VS Code

Recommendations

  1. Add automatic timeout refunds: treat a game as expired once X days (e.g., 31 days) have passed.

  2. Allow anyone, not only the creator, to trigger the refund of an expired game.

  3. Implement the refund path so that the ETH is returned to the players automatically.
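A minimal Solidity sketch of recommendations 1 and 2, added here as an illustration and not taken from the audited contract: the `Game` layout, `EXPIRY_GRACE`, `refundExpiredGame` and the event name are assumed, and only the fields needed for a permissionless refund of a never-joined game are modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch (assumed layout, not the audited contract).
contract ExpiredGameRefund {
    enum State { Created, Committed, Finished, Cancelled }

    struct Game {
        address payable playerA;
        address playerB;        // zero while nobody has joined
        uint256 bet;
        uint256 joinDeadline;   // createdAt + timeout (assumed)
        State state;
    }

    uint256 public constant EXPIRY_GRACE = 31 days; // "X days" from recommendation 1
    mapping(uint256 => Game) public games;
    uint256 public nextGameId;

    event GameRefunded(uint256 indexed gameId, address indexed to, uint256 amount);

    function createGameWithEth(uint256 timeout) external payable returns (uint256 gameId) {
        require(msg.value > 0, "no bet");
        gameId = nextGameId++;
        games[gameId] = Game(payable(msg.sender), address(0), msg.value,
                             block.timestamp + timeout, State.Created);
    }

    /// Permissionless (recommendation 2): no msg.sender check, so an abandoned
    /// game cannot hold ETH forever just because playerA never returns.
    function refundExpiredGame(uint256 gameId) external {
        Game storage g = games[gameId];
        require(g.state == State.Created, "not refundable");
        require(g.playerB == address(0), "game was joined");
        require(block.timestamp > g.joinDeadline + EXPIRY_GRACE, "not expired");

        uint256 amount = g.bet;
        // Effects before interaction: zero the stake and close the game so a
        // re-entrant or repeated call cannot release the same ETH twice.
        g.bet = 0;
        g.state = State.Cancelled;

        (bool ok, ) = g.playerA.call{value: amount}("");
        require(ok, "refund failed");
        emit GameRefunded(gameId, g.playerA, amount);
    }
}
```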

Updates

Appeal created

m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Orphaned ETH due to Unrestricted receive() or Canceled Game

ETH sent directly to the contract via the receive function or after a canceled game becomes permanently locked
