Incorrect Error Message in joinGameWithToken Function
Summary
The error message in the RockPaperScissors::joinGameWithToken() function, specifically the line:
is misleading and incorrect.
Vulnerability Details
In the RockPaperScissors::joinGameWithToken() function, the following require() statement checks if the game was created without a bet, indicating the game requires a token bet:
However, the error message "This game requires ETH bet" is incorrect because this function is not designed for ETH-based bets but rather token-based bets (i.e., using the winningToken). The error message should correctly indicate that a token bet is required, not ETH.
Impact
User Confusion: The error message may confuse users, as they might believe they need to send ETH instead of tokens when joining the game.
Incorrect Expectations: Users attempting to join a token-based game might be unsure about what type of bet is expected due to the incorrect error message referencing ETH.
Recommendations
Update the error message in the joinGameWithToken() function to accurately reflect the requirement that the game is expecting a token bet:
Appeal created
Informational
Code suggestions or observations that do not pose a direct security risk.
Informational
Code suggestions or observations that do not pose a direct security risk.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.