Rock Paper Scissors

First Flight #38

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Token Deposit Inflation And Loss WinningToken

codeaudit0x1

Summary

The RockPaperScissors.sol contract allows users to stake (WinningToken) ERC20 tokens for playing games. However, in cases of game cancellation, the contract mints new tokens instead of returning the transferred tokens to users. This results in token inflation and the permanent loss of user tokens.

This issue allows attackers to farm tokens by repeatedly creating games that no one joins, leading to uncontrolled token supply inflation.

Vulnerability Details

The vulnerability arises in the cancellation paths of the contract, where instead of transferring the deposited tokens back to the user, new tokens are minted. The function responsible for this is _cancelGame() and _handleTie(), where:

// _CancelGame()

if (game.bet == 0) {

if (game.playerA != address(0)) {

winningToken.mint(game.playerA, 1);

}

if (game.playerB != address(0)) {

winningToken.mint(game.playerB, 1);

}

// _HandleTie()

if (game.bet == 0) {

winningToken.mint(game.playerA, 1);

winningToken.mint(game.playerB, 1);

}

// _finishGame()

if (game.bet == 0) {

// Mint a winning token

winningToken.mint(_winner, 2);

} else {

// Mint a winning token for ETH games too

winningToken.mint(_winner, 1);

}

Impact

Token Inflation: The minting of new tokens on every game cancellation causes the token supply to increase without a corresponding increase in value or assets, leading to inflation.
Permanent Loss of Tokens: The escrowed tokens are locked within the contract when the game is cancelled, meaning players cannot retrieve their original stake.

Recommendations

Replace Mint with Token Transfer: Instead of minting new tokens, the contract should transfer the original deposited tokens back to the players in the event of a game cancellation.

Updates

Appeal created

m3dython Lead Judge 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Minting Instead of Transferring Staked Tokens

Mints new tokens upon game completion or cancellation for token-based games

Rewards breakdown

nSLOC

349

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.