Summary

The reveal deadline attribute is not reset after turn 1 of the game, which allows an malicious person to frontrun turn 2, and calling timeoutReveal() to win the game.

Vulnerability Details

The vulnerability affects interactions between the following 4 functions: commitMove(), revealMove(), timeoutReveal() and _determineWinner().

The game must already be created and joined by a 2nd player.

The vulnerability appears at the end of the 1st round, when players have revealed their moves.

In the first round, there's no problem. The revealDeadline attribute has not yet been modified, so revealDeadline = 0. When both players have committed their action, this variable is set:

This will be verified during the revelation phase:

Once both players have revealed their game, the _determineWinner() function is called.

This function, as its name suggests, determines the winner, and resets the game attributes to move on to the next round if the game isn't over:

Here, the “revealDeadline” attribute is not reset, it is always set to :

If the new block has not yet been added to the blockchain, it is possible to frontrun the 2nd turn of the game, adding the transactions of the following functions :

• commitMove()

• revealMove() → valid because block.timestamp + game.timeoutInterval > block.timestamp

If the 2nd player doesn't play before the end of the 1st game's allotted time, the attacker can call the timeoutReveal() function and recover the funds bet on this game.

Impact

This vulnerability is critical as it allows an attacker to steal the funds that the opposing player has staked.

Tools Used

Manual review

Recommendations

To counter this vulnerability, there are 2 solutions:

• Reset the revealDeadline variable in the _determineWinner function:

• Use GameState.Revealed instead of GameState.Committed :