Rock Paper Scissors

First Flight #38

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Cross-function Reentrancy in timeoutReveal() Allows Theft of Funds

teoslaf

Summary

The RockPaperScissors contract is vulnerable to a cross-function reentrancy attack through the timeoutReveal function. This vulnerability allows a malicious player to drain funds from multiple games by exploiting the lack of reentrancy protection when ETH is transferred to winners.

Vulnerability Details

The vulnerability exists in the interaction between the timeoutReveal function and the internal _finishGame function it calls:

In timeoutReveal (lines 263-286), when a player has revealed their move but their opponent hasn't before the deadline, the function calls _finishGame with the revealing player as the winner.
In _finishGame (lines 473-506), the contract:
- Sets the game state to Finished (line 476)
- Calculates the prize (lines 482-485)
- Updates the accumulated fees (line 488)
- Sends ETH to the winner using a low-level call (line 492):
  (bool success,) = _winner.call{value: prize}("");
The low-level call can trigger a fallback function in a malicious contract, allowing it to call back into the RockPaperScissors contract before the original transaction completes.
While the game state for the current game is set to Finished before the ETH transfer (which prevents reentrancy on the same game), there's no global lock to prevent reentrancy across different games or functions.

Attack Scenario:

Attacker creates 4 games with ETH bets using a malicious contract
Attacker joins these games with another account
Attacker legitimately wins Game #1 by timeout (reveals move while malicious contract doesn't)
When receiving ETH from Game #1, attacker reenters and calls timeoutReveal() on Games #2, #3, and #4
Attacker steals funds from all games in a single transaction, even though they should only win Game #1

Sample attack contract:

contract RockPaperScissorsAttacker {

RockPaperScissors public target;

uint256[] public gameIds;

uint256 public currentGameIndex;

constructor(address _target) {

target = RockPaperScissors(_target);

}

function createGames(uint256 count, uint256 totalTurns, uint256 timeoutInterval) external payable {

uint256 betAmount = msg.value / count;

for (uint256 i = 0; i < count; i++) {

uint256 gameId = target.createGameWithEth{value: betAmount}(totalTurns, timeoutInterval);

gameIds.push(gameId);

}

function attack() external {

currentGameIndex = 0;

target.timeoutReveal(gameIds[currentGameIndex]);

}

receive() external payable {

currentGameIndex++;

if (currentGameIndex < gameIds.length) {

target.timeoutReveal(gameIds[currentGameIndex]);

}

Impact

This vulnerability has a high severity impact as it allows a malicious player to:

Steal all ETH from games they've participated in
Drain the contract of funds meant for other players
Potentially manipulate game outcomes unfairly

The financial impact is directly proportional to the number and size of active games with ETH bets. In a production environment with multiple games and significant betting amounts, this could lead to substantial financial losses.

Tools Used

Manual code review

Recommendations

To fix this vulnerability, implement the following changes:

Add a reentrancy guard using OpenZeppelin's ReentrancyGuard:

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract RockPaperScissors is ReentrancyGuard {

// ...

function timeoutReveal(uint256 _gameId) external nonReentrant {

// existing code

}

// Apply nonReentrant to other external functions that interact with ETH

}

Alternatively, implement a custom reentrancy guard:

contract RockPaperScissors {

bool private locked;

modifier noReentrant() {

require(!locked, "No reentrancy");

locked = true;

locked = false;

}

function timeoutReveal(uint256 _gameId) external noReentrant {

// existing code

}

Follow the checks-effects-interactions pattern more strictly by:
- Performing all state changes before external calls
- Using the pull-over-push pattern for prize distribution
- Consider implementing a separate withdrawal function for winners to claim prizes
Consider using OpenZeppelin's SafeERC20 for token transfers and Address library for safe ETH transfers.

Updates

Appeal created

m3dython Lead Judge 2 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

349

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.