Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Critical Logic Flaw in claimThrone(): Throne Cannot Be Claimed Due to Inverted Check

sg_milad

Root + Impact

Description

Normally, the claimThrone() function should allow any user who is not the current king to claim the throne by meeting the required conditions (e.g., sending enough ETH, etc.).
However, the condition require(msg.sender == currentKing) is incorrectly implemented. This logic only allows the current king to reclaim the throne, defeating the purpose of a game mechanic where others compete to become the new king. The check should instead prevent the current king from reclaiming their own throne.

require(

@> msg.sender == currentKing,

"Game: You are already the king. No need to re-claim."

);

Risk

Likelihood:

This will always occur when any user tries to claim the throne and they are not the current king.
The contract logic enforces a false precondition that contradicts the intended functionality.

Impact:

No new user can ever claim the throne, rendering the core mechanic of the game useless.
The contract becomes entirely non-functional in its intended context, potentially locking up funds and making it unusable.

Proof of Concept

The following Foundry test demonstrates that new players are unable to claim the throne due to the incorrect logic in the require statement.

function testClaimThrone_CannotBeUsedByNewPlayers() public {

// Player1 tries to claim the throne but fails because they're not the current king

vm.startPrank(player1);

vm.expectRevert("Game: You are already the king. No need to re-claim.");

game.claimThrone{value: INITIAL_CLAIM_FEE}();

vm.stopPrank();

}

Recommended Mitigation

To fix the logic error and restore the correct behavior of the game, update the require condition to reject the current king and allow new players to claim the throne.

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

Updates

Appeal created

inallhonesty Lead Judge about 1 month ago

Submission Judgement Published

Validated

Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.