Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Missing Game-Ended Modifier Check missing in updateGracePeriod() Enables Mid-Game Parameter Tampering

eagerpanda582

Root + Impact

Description

The updateGracePeriod() function allows the owner to change the gracePeriod even while a game round is active. This can be exploited to extend or shorten the current king's reign, impacting gameplay fairness and user trust.

Risk

Likelihood:

The function is callable by the owner at any time. No guard (e.g., gameEndedOnly check) is in place to prevent misuse during active rounds.

Impact:

Changing the grace period mid-game can:
1. Prevent the rightful king from winning.
2. Enable malicious manipulation by the owner.
3. Break user trust and violate expectations of fairness and finality.

Proof of Concept

The POC demonstarate that if the owner changes the graceperiod midGame, enabling the currentKing to win.

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import {Test, console2} from "forge-std/Test.sol";

import {Game} from "../src/Game.sol";

contract GameTest is Test {

Game public game;

address public deployer;

address public player1;

// Initial game parameters for testing

uint256 public constant INITIAL_CLAIM_FEE = 0.1 ether; // 0.1 ETH

uint256 public constant GRACE_PERIOD = 1 days; // 1 day in seconds

uint256 public constant FEE_INCREASE_PERCENTAGE = 10; // 10%

uint256 public constant PLATFORM_FEE_PERCENTAGE = 5; // 5%

function setUp() public {

deployer = makeAddr("deployer");

player1 = makeAddr("player1");

vm.deal(deployer, 10 ether);

vm.deal(player1, 10 ether);

vm.prank(deployer);

game = new Game(

INITIAL_CLAIM_FEE,

GRACE_PERIOD,

FEE_INCREASE_PERCENTAGE,

PLATFORM_FEE_PERCENTAGE

);

}

function test_claimmthrone() external{

vm.prank(player1);

game.claimThrone{value: 1 ether}();

vm.prank(deployer);

game.updateGracePeriod(80);

vm.warp(1000);

vm.prank(player1);

game.declareWinner();

assertEq(game.currentKing(), player1);

}

Recommended Mitigation

By adding the modifier gameEndedOnly can prevent the owner to change the gracePeriod midgame, thereby mitigating the vulnerability.

Here if we do not add the modifier also it will automatically rest for next round.
And the other option we have to add modifier.

function updateGracePeriod(uint256 _newGracePeriod) external onlyOwner {

require(_newGracePeriod > 0, "Game: New grace period must be greater than zero.");

- gracePeriod = _newGracePeriod;

+ initalGracePeriod = _newGracePeriod;

emit GracePeriodUpdated(_newGracePeriod);

}

- function updateGracePeriod(uint256 _newGracePeriod) external onlyOwner

+ function updateGracePeriod(uint256 _newGracePeriod) external gameEndedOnly onlyOwner

Updates

Appeal created

inallhonesty Lead Judge about 1 month ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.