Rock Paper Scissors
First Flight #38
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

M-01. [M-1]: Frontrunning in Commit Phase

0xryker

Summary

The commit phase is vulnerable to frontrunning because the second player is able to see the first player's commit before making their own. This allows the second player to choose their move based on this information.

Vulnerability Details

Proof of Concept

function testFrontrunningCommitPhase() public {
// Player A creates game
vm.prank(playerA);
gameId = game.createGameWithEth{value: BET_AMOUNT}(1, TIMEOUT);
// Player B joins
vm.prank(playerB);
game.joinGameWithEth{value: BET_AMOUNT}(gameId);
// player A commits
bytes32 saltA = keccak256(abi.encodePacked("salt for player A"));
bytes32 commitA = keccak256(
abi.encodePacked(uint8(RockPaperScissors.Move.Rock), saltA)
);
vm.prank(playerA);
game.commitMove(gameId, commitA);
// Player B commits
bytes32 saltB = keccak256(abi.encodePacked("salt for player B"));
bytes32 commitB = keccak256(
abi.encodePacked(uint8(RockPaperScissors.Move.Paper), saltB)
);
vm.prank(playerB);
game.commitMove(gameId, commitB);
// B has higher chance of winning
}

Impact

The second player to commit gains an unfair advantage by being able to modify their strategy after seeing the first commit.

Tools Used

  1. Foundry

  2. VS Code

Recommendations

  1. Add a two-phase commit where both players commit without seeing each other's commits.

  2. Make use of a commit-reveal scheme where the two commits are submitted at the same time through a merkle tree.

  3. Or, require the two players to deposit before either can commit.

Updates

Appeal created

m3dython Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.