Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Permanent Token Lock Due to Missing Withdrawal Mechanism

Summary

In the RockPaperScissors contract, tokens received through joinGameWithToken and createGameWithToken are permanently locked in the contract: there is no function to withdraw or transfer them, and the contract is the owner of the token contract. This creates an ever-growing pool of inaccessible tokens.

Vulnerability Details

The contract accumulates tokens in two ways:

function createGameWithToken(...) external {
    require(winningToken.balanceOf(msg.sender) >= 1, "Must have winning token");
    // Transfers token to contract
    winningToken.transferFrom(msg.sender, address(this), 1);
}

function joinGameWithToken(...) external {
    require(winningToken.balanceOf(msg.sender) >= 1, "Must have winning token");
    // Transfers token to contract
    winningToken.transferFrom(msg.sender, address(this), 1);
}

  1. Each token game locks 2 tokens in the contract (1 from creator + 1 from joiner)

  2. When a game finishes, new tokens are minted instead of transferring existing ones:

There is no function to:

  • Transfer accumulated tokens

  • Withdraw tokens

  • Recover locked tokens

Impact

  • Every token game permanently locks 2 tokens

  • These tokens can never be recovered

  • Creates "dead" tokens that dilute token value

Tools Used

Manual Review

Recommendations

Add a token withdrawal function for the admin.

Fix the token game reward mechanism.
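
One way to implement both recommendations, as an added sketch that is not the audited contract's code. The contract name TokenStakeEscrow, the admin and totalStaked variables, and the functions _stake, _payWinner, _refund and withdrawSurplus are hypothetical; winningToken is assumed to expose the standard ERC-20 transfer, transferFrom and balanceOf.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Standard ERC-20 functions used below.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical sketch, not the audited contract: staked tokens are tracked,
// paid out from escrow, and only the untracked surplus is admin-recoverable.
abstract contract TokenStakeEscrow {
    IERC20 public immutable winningToken;
    address public immutable admin;
    uint256 public totalStaked; // tokens owed to players of unfinished games

    constructor(IERC20 token) {
        winningToken = token;
        admin = msg.sender;
    }

    // Call from createGameWithToken / joinGameWithToken: pull 1 token into escrow.
    function _stake(address player) internal {
        totalStaked += 1;
        require(winningToken.transferFrom(player, address(this), 1), "stake failed");
    }

    // Call when a token game finishes: pay the 2 escrowed tokens, mint nothing.
    function _payWinner(address winner) internal {
        totalStaked -= 2; // reverts on underflow if fewer than 2 tokens are staked
        require(winningToken.transfer(winner, 2), "payout failed");
    }

    // Call on cancellation: return the player's own staked token.
    function _refund(address player) internal {
        totalStaked -= 1;
        require(winningToken.transfer(player, 1), "refund failed");
    }

    // Admin recovery of tokens already stranded; active stakes stay untouchable.
    function withdrawSurplus(address to) external {
        require(msg.sender == admin, "not admin");
        uint256 surplus = winningToken.balanceOf(address(this)) - totalStaked;
        require(surplus > 0, "nothing to withdraw");
        require(winningToken.transfer(to, surplus), "withdraw failed");
    }
}
```

Limiting the admin withdrawal to the balance above totalStaked keeps the recovery function from becoming a way to drain tokens that belong to players in unfinished games.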

Updates

Appeal created

m3dython Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Minting Instead of Transferring Staked Tokens

Mints new tokens upon game completion or cancellation for token-based games
