Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP

Submission Details
Severity: medium
Invalid

Improper Use of game.bet to Distinguish Game Asset Type

Summary

The _cancelGame function uses the value of game.bet to determine whether the game was staked with native ETH or with in-game tokens: game.bet > 0 is treated as an ETH-based game, and game.bet == 0 is assumed to mean a token-based game. Overloading game.bet as both the stake amount and the asset-type discriminator is a fragile design that can lead to incorrect behavior, misinterpretation of the game type, and potential asset mismanagement.

Vulnerability Details

```solidity
// Refund ETH for ETH games (asset type inferred from the bet amount)
if (game.bet > 0) {
    (bool successA,) = game.playerA.call{value: game.bet}("");
    require(successA, "Transfer to player A failed");
    if (game.playerB != address(0)) {
        (bool successB,) = game.playerB.call{value: game.bet}("");
        require(successB, "Transfer to player B failed");
    }
}
// Return tokens for token games (a zero bet is taken to mean "token game")
if (game.bet == 0) {
    if (game.playerA != address(0)) {
        winningToken.mint(game.playerA, 1);
    }
    if (game.playerB != address(0)) {
        winningToken.mint(game.playerB, 1);
    }
}
```

Impact

Asset Loss

Mint Exploit

Adding other asset types could silently break the logic

Tools Used

Manual review

Recommendations

Refactor the logic to track the game's asset type explicitly with an enum that is set when the game is created, and branch on that field instead of on the bet amount. For example:

```solidity
enum GameAssetType { ETH, TOKEN }

struct Game {
    ...
    GameAssetType assetType;
    uint256 bet;
}
```
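The following contract sketch is an added illustration of that recommendation; it is not code from the submission or from the First Flight's RockPaperScissors contract. It assumes an IWinningToken interface with a mint function, a GameState enum, createEthGame/createTokenGame entry points and a cancelGame wrapper, all of which are hypothetical names. The point it makes is that the asset type is recorded once, at creation, from how the game was actually funded, and _cancelGame branches on that record rather than re-deriving it from game.bet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the audited contract). IWinningToken is an assumed
// interface standing in for the project's winningToken.
interface IWinningToken {
    function mint(address to, uint256 amount) external;
}

contract CancelGameExample {
    enum GameAssetType { ETH, TOKEN }
    enum GameState { Created, Cancelled }

    struct Game {
        address payable playerA;
        address payable playerB;
        uint256 bet;             // wei staked per player; 0 for token games
        GameAssetType assetType; // explicit discriminator, fixed at creation
        GameState state;
    }

    IWinningToken public immutable winningToken;
    mapping(uint256 => Game) public games;
    uint256 public nextGameId;

    constructor(IWinningToken token) {
        winningToken = token;
    }

    // The asset type is derived from the funding path, not from the amount,
    // so a zero-value ETH game could never be mistaken for a token game.
    function createEthGame() external payable returns (uint256 id) {
        require(msg.value > 0, "ETH game needs a bet");
        id = nextGameId++;
        games[id] = Game(payable(msg.sender), payable(address(0)), msg.value, GameAssetType.ETH, GameState.Created);
    }

    function createTokenGame() external returns (uint256 id) {
        // Token escrow (transfer/burn of the player's token) is omitted here.
        id = nextGameId++;
        games[id] = Game(payable(msg.sender), payable(address(0)), 0, GameAssetType.TOKEN, GameState.Created);
    }

    function cancelGame(uint256 id) external {
        require(msg.sender == games[id].playerA, "Only creator can cancel");
        _cancelGame(id);
    }

    // Hardened form: branch on the recorded asset type, never on game.bet.
    function _cancelGame(uint256 id) internal {
        Game storage game = games[id];
        require(game.state == GameState.Created, "Game not cancellable");
        game.state = GameState.Cancelled; // effects before interactions

        if (game.assetType == GameAssetType.ETH) {
            _refundEth(game.playerA, game.bet);
            if (game.playerB != address(0)) {
                _refundEth(game.playerB, game.bet);
            }
        } else {
            // TOKEN: return one winning token to each seated player.
            if (game.playerA != address(0)) {
                winningToken.mint(game.playerA, 1);
            }
            if (game.playerB != address(0)) {
                winningToken.mint(game.playerB, 1);
            }
        }
    }

    function _refundEth(address payable to, uint256 amount) internal {
        (bool ok,) = to.call{value: amount}("");
        require(ok, "ETH refund failed");
    }
}
```

With the enum, the two branches are mutually exclusive by construction and the meaning of game.bet is no longer load-bearing: a future asset type is a new enum member and a new branch, rather than a change to what a particular bet value is taken to imply.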
Updates

Appeal created

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
