Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Incorrect Role Check in claimThrone() Causes Denial-of-Service for All Players

ibrahimatix0x01

Incorrect Role Check in claimThrone() Causes Denial-of-Service for All Players

Description

The claimThrone() function is designed to allow any address other than the current king to claim the throne by sending a required ETH fee. Once claimed, the currentKing is updated, and the game progresses.
However, the condition meant to restrict the current king from reclaiming the throne is incorrectly written to allow only the current king. As a result, once a player becomes the king, all further throne claims by other players are permanently reverted, causing a Denial-of-Service (DoS).

function claimThrone() external payable gameNotEnded nonReentrant {

require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");

// @> This condition is inverted

// @> It allows only the current king to reclaim, instead of preventing reclaims

require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

...

}

Risk

Likelihood:

This issue occurs immediately after the first successful claimThrone() call
All subsequent calls by new players will revert and be unable to participate

Impact:

Game becomes stuck in a permanent state
No further revenue or gameplay progression can occur
Loss of trust and funds from players expecting game functionality

Proof of Concept

function testPoC_IncorrectRoleCheck_DenialOfService() public {

// player1 claims throne

vm.startPrank(player1);

game.claimThrone{value: INITIAL_CLAIM_FEE}();

vm.stopPrank();

// player2 attempts to claim throne (should succeed but fails)

vm.startPrank(player2);

uint256 claimFee = game.claimFee();

vm.expectRevert("Game: You are already the king. No need to re-claim.");

game.claimThrone{value: claimFee}(); // incorrectly reverts

vm.stopPrank();

}

Recommended Mitigation

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

This fix correctly prevents the current king from reclaiming while allowing all other players to challenge for the throne, restoring core game functionality.

Updates

Appeal created

inallhonesty Lead Judge about 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.