Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

The function claimThrone() incorrectly prevents anyone from claiming the throne

retter

Root + Impact

Description

The function claimThrone() in /src/Game.sol incorrectly prevents anyone from claiming the throne - including the first player. This due to a faulty logic check.

require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

At deployment, currentKing == address(0). When any user attempts to claim the throne for the first time, this check will always fail, since msg.sender != adress(0). As a result, no one can ever start the game, and the contract becomes unusable.

##Risk: High

Likelihood: 100%

This issue will always occur immediatly after deployment, because the currentKing is initialized to address(0) and no one can match that address.
It completely blocks the first interaction with the game (first claim), since currentKing is intialized to addrress(0), and no msg.sender can match that.

Impact: total game failure

Users cannot participate in the game, because the claimThrone() function always reverts on the first attempt.
The contract non-functional and useless, defeating the purpose of the game.
Any ETH sent to it is effectively locked.

Proof of Concept

This test simulates a user trying to claim the throne immediately after deployment. Since currentKing == address(0) and msg.sender != address(0), the call reverts. The game cannot be started.

function testCannotClaimThroneInitially() public {

// At deployment, currentKing == address(0)

assertEq(game.currentKing(), address(0));

// Any player trying to claim the throne will revert

vm.prank(player1);

vm.expectRevert("Game: You are already the king. No need to re-claim.");

game.claimThrone{value: INITIAL_CLAIM_FEE}();

}

Recommended Mitigation

The intention is to prevent the same player from repeatedly claiming the throne - not to block everyone. Replacing == with != fixes the logic and allows new players to claim, while still preventing reduntant self claims.

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

Updates

Appeal created

inallhonesty Lead Judge 9 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.