Submission Details
Severity:
Unbounded Loops in Game Logic
Description: Throughout the contract where game turns are processed. The contract processes multiple turns in a game, but there's no upper limit on the number of turns that can be specified
Impact: An attacker could create a game with an extremely high number of turns, potentially causing out-of-gas errors
Proof of Concept:
// Attacker creates game with max turns
game.createGameWithEth{value: 0.01 ether}(type(uint256).max, 5 minutes);
Recommended Mitigation: Add a maximum turn limit in the constructor and validate in createGame functions
Updates
Appeal created
m3dython about 2 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Informational
Code suggestions or observations that do not pose a direct security risk.
Gas Optimization
Rewards breakdown
nSLOC
349This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.