`playerB` can be overriden and lose their betting money
Summary
Within the timespan between joining and the first move committed, player B is prone to token loss by being join-overriden by another actor.
Vulnerability Details
The general scenario for this vulnerability goes like this:
Actor A creates a game (either with ETH or other token), and thus become player A of that game themself.
Actor B joins that game as player B.
Right after actor B joining, and before either actor committing for the first turn, actor C can join in, actively overriding actor B from the position of player B. Actor B, rejoining or not, have already lost the tokens they used on the first join.
If actor C is slow to respond, a new actor D can come in to steal the place again, and the chain goes on until a commit is made.
Impact
Users in the position of player B (i.e. joining games created by other users) are susceptible to lose money if someone is fast enough to override them.
Recommendations
Add a check on joining functions to ensure that game.playerB == address(0), if not, revert the join request.
Appeal created
Absence of State Change on Join Allows Player B Hijacking
Game state remains Created after a player joins
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.