Rock Paper Scissors

First Flight #38

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Incorrect Enumeration Default Value in GameState Enum

0xblackadam

Summary

The RockPaperScissors smart contract contains a vulnerability in the definition of the GameState enum. The enum does not include a proper default value (None/Uninitialized) as its first entry (index 0). Instead, GameState.Created is positioned as the first entry, which causes newly uninitialized storage variables of type GameState to automatically receive the value GameState.Created. This could lead to incorrect state management and potential security issues.

Vulnerability Details

In Solidity, enums are represented as unsigned integers, with the first defined value automatically assigned the value 0. When a storage variable of an enum type is declared without explicit initialization, it defaults to the first value in the enum (index 0).

The current GameState enum definition is:

enum GameState {

Created,

Committed,

Revealed,

Finished,

Cancelled

}

In this implementation, GameState.Created has value 0, meaning any uninitialized GameState variable will automatically be in the "Created" state. This is problematic because:

Uninitiated game state variables automatically appear in a valid "Created" state
The contract explicitly sets game.state = GameState.Created in the game creation functions, which is redundant and wastes gas
There's no way to distinguish between a properly created game and an uninitialized game entry

Looking through the contract, I observed the issue when new games are created:

function createGameWithEth(uint256 _totalTurns, uint256 _timeoutInterval) external payable returns (uint256) {

// ... validation logic ...

uint256 gameId = gameCounter++;

Game storage game = games[gameId];

// At this point, game.state is already GameState.Created (0)

// ... other initializations ...

game.state = GameState.Created; // Redundant assignment

// ...

}

Impact

Logic Errors: Functions that check for game.state == GameState.Created could succeed for uninitialized or invalid game entries
Gas Waste: Redundant assignments waste gas during game creation
Potential Security Bypass: If a function only checks that a game's state is "Created" before allowing certain operations, it might allow operations on non-existent or invalid games
Difficult Debugging: Makes it harder to identify issues where game state initialization was skipped

The bug could be exploited if there are any functions that rely solely on the game state being "Created" to authorize operations without checking other game properties.

Tools Used

Manual code review
Solidity understanding of enum implementation and default values
Analysis of state-dependent control flow within the contract

Recommendations

Add a None/Uninitialized state as the first enum value:

enum GameState {

None, // Default uninitialized state (0)

Created, // Now has value 1

Committed,

Revealed,

Finished,

Cancelled

}

Updates

Appeal created

m3dython Lead Judge about 1 month ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Gas Optimization

Rewards breakdown

nSLOC

349

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.