Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Unbounded Minting in Token-Based Game Cancellation Refund Logic

Summary The RockPaperScissors contract refunds the players of a cancelled token-based game by minting new WinningToken tokens. The tokens the players actually staked are never returned and remain in the contract. Every cancellation therefore leaves the staked tokens stranded in the game contract while freshly minted duplicates go to the players, so the total supply grows without bound and the stranded balance becomes a latent asset for the contract owner or for any future feature that can move contract-held tokens.

Vulnerability Details In the _cancelGame function, a bet of zero marks a token-based game and the refund branch mints rather than transfers:

```solidity
// Refund path of _cancelGame for token-based games (bet == 0)
if (game.bet == 0) {
    if (game.playerA != address(0)) {
        winningToken.mint(game.playerA, 1); // new token; the staked one stays in the contract
    }
    if (game.playerB != address(0)) {
        winningToken.mint(game.playerB, 1);
    }
}
```

This logic mints new tokens to refund the players when a token-based game is cancelled. When the game was created and joined, however, each player transferred an existing WinningToken into the contract, and nothing in the cancellation path burns or returns it. The original tokens accumulate in the contract while new tokens are issued to the players: total supply rises by one per refunded player, and the contract builds up a balance that no live game owes to anyone. The admin, or any party that gains access to those contract-held tokens through a future upgrade or added feature, could then withdraw them or otherwise manipulate the token supply without any proper on-chain accounting for where they came from.

Impact Repeatedly creating and cancelling token-based games mints a fresh token on every cancellation while the staked token stays behind. The caller's own balance is unchanged after each cycle, but the WinningToken total supply and the contract's stranded balance both grow by one per cycle with no upper bound, so the supply no longer reflects games actually won and the contract holds tokens that belong to nobody.

Tools Used manual code review

Recommendations Return the originally deposited tokens instead of minting new ones: on cancellation, transfer one token from the contract back to each staked player (winningToken.transfer(player, 1)), so the contract's balance goes back to the players who staked it and the total supply is unchanged by a cancellation.
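The mint-versus-transfer difference in working code, as an added example that is not part of this submission or of the audited RockPaperScissors contract. It uses a minimal ERC20-style stand-in for WinningToken, a game contract that can run either the cancellation path quoted above or the recommended transfer-back, and a driver that performs N create/cancel cycles and returns how much the total supply grew and how many tokens are stranded in the game. MinimalWinningToken, TokenGameCancel, CancelSupplyDemo and the mintOnCancel flag are hypothetical names; the example assumes, as the finding does, that a token game is created by transferFrom of one token into the game contract and that the game contract is the token's minter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal stand-in for WinningToken (hypothetical): only the ERC20 pieces the
// example needs. Assumption: the real token is an ERC20 whose owner, the game
// contract, is the only account allowed to mint.
contract MinimalWinningToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public totalSupply;
    address public owner;

    constructor() { owner = msg.sender; }

    function setOwner(address newOwner) external {
        require(msg.sender == owner, "not owner");
        owner = newOwner;
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _move(msg.sender, to, amount);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= amount, "allowance");
        allowance[from][msg.sender] = allowed - amount;
        _move(from, to, amount);
        return true;
    }

    function _move(address from, address to, uint256 amount) internal {
        require(balanceOf[from] >= amount, "balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}

// Token-based game flow reduced to the two operations the finding is about:
// staking one token on creation and refunding it on cancellation.
contract TokenGameCancel {
    MinimalWinningToken public immutable winningToken;
    bool public immutable mintOnCancel; // true = behaviour described in the finding
    mapping(uint256 => address) public playerA;
    uint256 public nextGameId;

    constructor(MinimalWinningToken token, bool mintOnCancel_) {
        winningToken = token;
        mintOnCancel = mintOnCancel_;
    }

    function createGameWithToken() external returns (uint256 gameId) {
        // The stake moves into this contract and is never moved out again on the mint path.
        require(winningToken.transferFrom(msg.sender, address(this), 1), "stake failed");
        gameId = nextGameId++;
        playerA[gameId] = msg.sender;
    }

    function cancelGame(uint256 gameId) external {
        address player = playerA[gameId];
        require(player == msg.sender, "not your game");
        delete playerA[gameId];
        if (mintOnCancel) {
            // Finding: a brand-new token is minted; the staked token stays here.
            winningToken.mint(player, 1);
        } else {
            // Recommended fix: hand the staked token back instead of minting.
            require(winningToken.transfer(player, 1), "refund failed");
        }
    }
}

// Driver: runs `cycles` create/cancel rounds with one seed token and reports
// supply growth and the tokens left stranded in the game contract.
contract CancelSupplyDemo {
    function run(bool mintOnCancel, uint256 cycles)
        external
        returns (uint256 supplyGrowth, uint256 stranded)
    {
        MinimalWinningToken token = new MinimalWinningToken();
        TokenGameCancel game = new TokenGameCancel(token, mintOnCancel);
        token.mint(address(this), 1);       // seed this demo with a single token
        token.setOwner(address(game));       // the game becomes the minter, as in the audited design
        uint256 supplyBefore = token.totalSupply();
        token.approve(address(game), type(uint256).max);
        for (uint256 i = 0; i < cycles; i++) {
            uint256 id = game.createGameWithToken();
            game.cancelGame(id);
        }
        supplyGrowth = token.totalSupply() - supplyBefore; // mint path: cycles; transfer path: 0
        stranded = token.balanceOf(address(game));          // mint path: cycles; transfer path: 0
    }
}
```

Deploy CancelSupplyDemo and call run(true, 5): it returns (5, 5), meaning the caller still holds exactly one token but five new tokens were minted and five sit in the game contract with no game owing them. run(false, 5) returns (0, 0): the same token is staked and handed back five times, and the total supply never moves.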

Updates

Appeal created

m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Minting Instead of Transferring Staked Tokens

Mints new tokens upon game completion or cancellation for token-based games
