Unrestricted Game Cancellation After Player Joins
Summary
The RockPaperScissors contract allows the game creator to cancel a game after the second player has joined but before any moves are committed. This creates an unfair advantage where the creator can selectively choose opponents by cancelling games when undesired players join.
Vulnerability Details
The cancelGame function allows the creator to cancel a game as long as it's in the Created state:
After Player B joins via joinGameWithEth or joinGameWithToken, the game remains in the Created state until moves are committed. This allows Player A to see who joined their game and cancel if they prefer not to play against that specific opponent.
Impact
This vulnerability allows:
Selective Play: Game creators can cherry-pick opponents by cancelling games when undesired players join
Griefing: Creators can waste other players' time and gas by repeatedly creating and cancelling games
While players do get their ETH or tokens refunded when a game is cancelled, they waste gas fees and time attempting to join games that get cancelled.
Tools Used
Manual code review
Recommendations
Prevent cancellation after a player has joined by adding a check for Player B:
This ensures games can only be cancelled before an opponent joins, ensuring fair play and preventing selective opponent choice.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.