Rock Paper Scissors
First Flight #38
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

The `RockPaperScissors` contract allows games of more than 5 turns

nebosvod

Description: The createGameWithToken function only checks if the _totalTurns passed to it is more than 0 and if it's an odd number. A player can create a game a very high turn count and be able to play for a long time with only a small bet. They can also start a game with a single turn. Both of these scenarios are against the docs which state that a game should only last 3-5 turns.

function createGameWithToken(uint256 _totalTurns, uint256 _timeoutInterval) external returns (uint256) {
require(winningToken.balanceOf(msg.sender) >= 1, "Must have winning token");
require(_totalTurns > 0, "Must have at least one turn");
.
.

Impact: Players can create games with more or less turns than is specified in teh docs.

Recommended Mitigation: Change the require constraint in the createGameWithToken function to only allow turns between 3 and 5.

function createGameWithToken(uint256 _totalTurns, uint256 _timeoutInterval) external returns (uint256) {
require(winningToken.balanceOf(msg.sender) >= 1, "Must have winning token");
- require(_totalTurns > 0, "Must have at least one turn");
+ require(_totalTurns >= 3 && _totalTurns <= 5 , "Must have between 3 and 5 turns");
.
.
Updates

Appeal created

m3dython Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational

Code suggestions or observations that do not pose a direct security risk.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.