Rock Paper Scissors

First Flight #38
Submission Details
Severity: medium
Invalid

Reveal Deadline Race Condition Bug

Vulnerability Details

The revealDeadline is set only after both players have committed their moves. This creates a race condition where the player committing second dictates the reveal window duration.

Exploit Scenario:

  1. Player A commits a move.

  2. Player B waits until near the end of Player A's reasonable reveal time, then commits.

  3. The revealDeadline is set based on block.timestamp at Player B's commit, effectively giving Player A a much shorter time to reveal than intended.

Impact

  • Player A, who committed first, is unfairly disadvantaged

  • Games may be lost due to artificially shortened reveal periods

Recommendations

  1. Set Initial Deadline: Set revealDeadline when Player A commits first

    function commitMove(uint256 _gameId, bytes32 _commitHash) external {
        Game storage game = games[_gameId];
        //...existing checks...
        if (msg.sender == game.playerA) {
            //...
            game.commitA = _commitHash;
            if (game.commitB != bytes32(0)) {
                // Player B has already committed: both commits are in
                game.revealDeadline = block.timestamp + game.timeoutInterval;
            } else {
                // Player A is the first to commit: start the timer now
                game.revealDeadline = block.timestamp + game.timeoutInterval; // <--- SET HERE
            }
        } else {
            //...
        }
    }

  2. Two-Stage Timeout: Split the reveal timeout into two stages:

    • Initial Reveal Window: Set when the first player commits.

    • Extended Reveal: Start the full timer only when both players commit, but apply it to both players.

These changes remove the timing exploit and restore fair reveal windows in multi-turn matches.
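A minimal sketch of the two-stage timeout from recommendation 2, added here as an example and not taken from the audited contract or from the submission. Only commitA, commitB, revealDeadline and timeoutInterval come from the snippet above; the contract name, createGame, playerB and commitDeadline are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: names other than commitA, commitB, revealDeadline and
// timeoutInterval are hypothetical and not taken from the audited contract.
contract TwoStageTimeoutSketch {
    struct Game {
        address playerA;
        address playerB;
        bytes32 commitA;
        bytes32 commitB;
        uint256 timeoutInterval;
        uint256 commitDeadline; // stage 1: the second commit must land by this time
        uint256 revealDeadline; // stage 2: both players must reveal by this time
    }

    mapping(uint256 => Game) public games;
    uint256 public nextGameId;

    function createGame(address _playerB, uint256 _timeoutInterval) external returns (uint256 id) {
        require(_playerB != address(0) && _playerB != msg.sender, "bad opponent");
        id = nextGameId++;
        Game storage game = games[id];
        game.playerA = msg.sender;
        game.playerB = _playerB;
        game.timeoutInterval = _timeoutInterval;
    }

    function commitMove(uint256 _gameId, bytes32 _commitHash) external {
        Game storage game = games[_gameId];
        require(_commitHash != bytes32(0), "empty commit");
        bool isA = msg.sender == game.playerA;
        require(isA || msg.sender == game.playerB, "not a player");
        require(game.revealDeadline == 0, "both already committed");
        bool first = game.commitA == bytes32(0) && game.commitB == bytes32(0);
        if (!first) require(block.timestamp <= game.commitDeadline, "commit window closed");
        if (isA) {
            require(game.commitA == bytes32(0), "already committed");
            game.commitA = _commitHash;
        } else {
            require(game.commitB == bytes32(0), "already committed");
            game.commitB = _commitHash;
        }
        // First commit bounds how long the opponent may wait; second starts the shared reveal timer.
        if (first) game.commitDeadline = block.timestamp + game.timeoutInterval;
        else game.revealDeadline = block.timestamp + game.timeoutInterval;
    }
}
```

A full contract would also need a path for the first committer to cancel or claim once commitDeadline passes without a second commit; that path is omitted here.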

Updates

Appeal created

m3dython Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
