Last Man Standing

First Flight #45
Beginner FriendlyFoundrySolidity
100 EXP
View results
Submission Details
Severity: medium
Valid

Incorrect Role Check in claimThrone() Causes Denial-of-Service for All Players

Incorrect Role Check in claimThrone() Causes Denial-of-Service for All Players

Description

  • The claimThrone() function is designed to allow any address other than the current king to claim the throne by sending a required ETH fee. Once claimed, the currentKing is updated, and the game progresses.

  • However, the condition meant to restrict the current king from reclaiming the throne is incorrectly written to allow only the current king. As a result, once a player becomes the king, all further throne claims by other players are permanently reverted, causing a Denial-of-Service (DoS).

function claimThrone() external payable gameNotEnded nonReentrant {
require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");
// @> This condition is inverted
// @> It allows only the current king to reclaim, instead of preventing reclaims
require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
...
}

Risk

Likelihood:

  • This issue occurs immediately after the first successful claimThrone() call

  • All subsequent calls by new players will revert and be unable to participate

Impact:

  • Game becomes stuck in a permanent state

  • No further revenue or gameplay progression can occur

  • Loss of trust and funds from players expecting game functionality

Proof of Concept

function testPoC_IncorrectRoleCheck_DenialOfService() public {
// player1 claims throne
vm.startPrank(player1);
game.claimThrone{value: INITIAL_CLAIM_FEE}();
vm.stopPrank();
// player2 attempts to claim throne (should succeed but fails)
vm.startPrank(player2);
uint256 claimFee = game.claimFee();
vm.expectRevert("Game: You are already the king. No need to re-claim.");
game.claimThrone{value: claimFee}(); // incorrectly reverts
vm.stopPrank();
}

Recommended Mitigation

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

This fix correctly prevents the current king from reclaiming while allowing all other players to challenge for the throne, restoring core game functionality.

Updates

Appeal created

inallhonesty Lead Judge 29 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.