Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Invalid

Misleading Error Message in Token Join Logic

Summary

In the joinGameWithToken function of the RockPaperScissors contract, the revert message for incompatible game types is misleading. When a user attempts to join an ETH-based game using a token, the contract reverts with the message "This game requires ETH bet". This is technically incorrect — the function implies a token-based game, and the correct cause for the error is that the game is not a token game (i.e., it expects ETH). The error message should instead communicate that the current game requires token participation, enhancing clarity.

Vulnerability Details

In joinGameWithToken, we have:

require(game.bet == 0, "This game requires ETH bet");

However, this condition is checking for a token-based game, where bet == 0. The error message implies that ETH is required, which contradicts the actual intent of this check.

This can lead to:

  • Developer confusion while debugging game logic

  • User misunderstanding when interacting with the contract via dApps or UIs

  • Decreased trust in contract correctness due to ambiguous feedback

Impact

  • Poor user experience: Players see confusing or incorrect messages, leading to failed interactions and support requests.

  • Debugging difficulty: Developers may misinterpret the cause of reverts based on inaccurate messages.

  • Potential for UI misbehavior: Frontends that rely on revert strings may mislabel or misdirect user actions.

Tools Used

  • Manual code inspection

  • Analysis of require statements and revert reasons

  • User experience reasoning

Recommendations

Update the error message to clearly state that the game requires token-based participation, not ETH:

require(game.bet == 0, "This game requires token bet");

Also consider standardizing and documenting revert messages for better consistency and developer usability. For example, prefix game type mismatches with "GameTypeError:" or similar to aid parsing in frontends.
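The frontend side of that recommendation, as an added example that is not part of the submission or the contract: it decodes the standard ABI-encoded Error(string) revert payload and classifies it by prefix instead of matching the full message. The "GameTypeError:" prefix is the one suggested above; the function names, the result labels and the sample payloads are constructed for illustration.

```javascript
// Added example: decode Solidity Error(string) revert data and classify it by prefix.
const ERROR_STRING_SELECTOR = "08c379a0"; // first 4 bytes of keccak256("Error(string)")
const GAME_TYPE_PREFIX = "GameTypeError:"; // prefix suggested in the recommendation

// Encode a reason the way require(cond, reason) does; used only to build sample data.
function encodeRevertReason(reason) {
  const bytes = Buffer.from(reason, "utf8");
  const word = (n) => n.toString(16).padStart(64, "0");
  const padded = bytes.toString("hex").padEnd(Math.ceil(bytes.length / 32) * 64, "0");
  return "0x" + ERROR_STRING_SELECTOR + word(32) + word(bytes.length) + padded;
}

// Decode revert data; returns null when it is not a well-formed Error(string) payload.
function decodeRevertReason(data) {
  if (typeof data !== "string" || !/^0x([0-9a-fA-F]{2})*$/.test(data)) return null;
  const buf = Buffer.from(data.slice(2), "hex");
  if (buf.length < 68 || buf.subarray(0, 4).toString("hex") !== ERROR_STRING_SELECTOR) return null;
  const body = buf.subarray(4);
  const offset = BigInt("0x" + body.subarray(0, 32).toString("hex"));
  if (offset !== 32n) return null; // a single string argument always starts at 0x20
  const length = BigInt("0x" + body.subarray(32, 64).toString("hex"));
  if (length > BigInt(body.length - 64)) return null; // truncated data or overstated length
  return body.subarray(64, 64 + Number(length)).toString("utf8");
}

// Classify on the stable prefix, never on the human-readable tail of the message.
function classifyRevert(data) {
  const reason = decodeRevertReason(data);
  if (reason === null) return { kind: "unknown", detail: null };
  if (reason.startsWith(GAME_TYPE_PREFIX)) {
    return { kind: "game-type-mismatch", detail: reason.slice(GAME_TYPE_PREFIX.length).trim() };
  }
  return { kind: "other", detail: reason };
}

// Constructed samples: the message quoted in the report, and a prefixed variant.
const legacy = encodeRevertReason("This game requires ETH bet");
const prefixed = encodeRevertReason("GameTypeError: This game requires token bet");
console.log(classifyRevert(legacy));
console.log(classifyRevert(prefixed));
```

An unprefixed message falls through to "other", so rewording it later cannot silently change how the UI routes the error.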

Updates

Appeal created

m3dython Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational

Code suggestions or observations that do not pose a direct security risk.
