scoreA and scoreB Overflow in Long Games Can Cause DoS and Locked Funds
Description:
The scoreA and scoreB variables are defined as uint8, limiting each player's score to a maximum value of 255. In games configured with a high number of turns, it's possible for players to reach this limit through a balanced series of wins and ties.
When a player wins an additional round after reaching 255 points, an arithmetic overflow occurs, causing the contract to revert with:
This halts the game permanently, locking any staked ETH or tokens inside the contract.
Impact
Potential Denial of Service (DoS) in games with excessive turns.
Permanent locking of staked funds and rewards.
Game logic failure due to lack of score overflow protection.
Proof of Concept:
A game was executed with 1001 turns (valid since it must be odd). After 766 turns with balanced outcomes, both scores reached 255, triggering the overflow error:
Tools Used
Manual Review and Foundry
Recommendations
Upgrade scoreA and scoreB to uint16 to safely support longer games.
Alternatively, enforce a reasonable maximum limit on the number of turns to avoid unnecessary risk.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.