Submission Details
Impact:
Likelihood:
Owner can change Grace period during the game gaining an edge over others players
[M] Owner can change Grace period during the game gaining an edge over others players
Description:
The function Game::updateGracePeriod give the right to the Owner to update grace period during the game.
function updateGracePeriod(uint256 _newGracePeriod) external onlyOwner {
require(_newGracePeriod > 0, "Game: New grace period must be greater than zero.");
gracePeriod = _newGracePeriod;
emit GracePeriodUpdated(_newGracePeriod);
}
Impact: This advantage can be used by the owner to win the game by lowering the grace period and take the price.
Proof of Concept:
Add the following test in Game.t.sol
function test_owner_power() public {
uint256 winning_pot;
vm.prank(player1);
game.claimThrone{value: INITIAL_CLAIM_FEE}();
assertEq(player1, game.currentKing());
// player2 overthrow player1 and become king
vm.startPrank(player2);
game.claimThrone{value: game.claimFee()}();
assertEq(player2, game.currentKing());
vm.stopPrank();
// player3 overthrow player2 and become king
vm.startPrank(player3);
game.claimThrone{value: game.claimFee()}();
vm.stopPrank();
// deployer overthrow player3 and become king
vm.startPrank(deployer);
game.claimThrone{value: game.claimFee()}();
uint256 deployerBalanceBefore = deployer.balance;
// update grace period to 1 seconds
game.updateGracePeriod(1 seconds);
vm.warp(game.lastClaimTime() + 10 seconds);
// declare himself winner
game.declareWinner();
winning_pot = game.pendingWinnings(deployer);
// withdraw the reward.
game.withdrawWinnings();
assertEq(deployer.balance, deployerBalanceBefore + winning_pot);
}
Recommended Mitigation:
The owner should not be able to change the grace period during the game, if he/she is able to participate to it.
Rewards breakdown
nSLOC
181This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.