Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

claimThrone()` will always fail

alicrali33

Description

After the game starts, player1 tries to claim the throne by calling claimThrone(),
but it always fails due to the incorrect require statement in
https://github.com/CodeHawks-Contests/2025-07-last-man-standing/blob/47d9d19a78acb52270269f4bff1568b87eb81a96/src/Game.sol#L188

Proof of Concept

Add this to Game.t.sol:

function testclaimThrone0() public {

vm.startPrank(player1);

console2.log("currentKing:", game.currentKing());

console2.log("player1:", player1);

game.claimThrone{value: 0.1 ether}();

console2.log("the new currentKing:", game.currentKing());

vm.stopPrank();

}

Then run:
forge test --match-test testclaimThrone0 -vv

Output

Ran 1 test for test/Game.t.sol:GameTest

[FAIL: Game: You are already the king. No need to re-claim.] testclaimThrone0() (gas: 52371)

Logs:

currentKing: 0x0000000000000000000000000000000000000000

player1: 0x7026B763CBE7d4E72049EA67E89326432a50ef84

Suite result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 1.85ms (155.00µs CPU time)

Ran 1 test suite in 11.89ms (1.85ms CPU time): 0 tests passed, 1 failed, 0 skipped (1 total test)

Failing tests:

Encountered 1 failing test in test/Game.t.sol:GameTest

[FAIL: Game: You are already the king. No need to re-claim.] testclaimThrone0() (gas: 52371)

As we can see, currentKing is 0x0000000000000000000000000000000000000000,
and player1 is 0x7026B763CBE7d4E72049EA67E89326432a50ef84,
but it still throws the error: You are already the king. No need to re-claim.

Recommended Mitigation

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

Updates

Appeal created

inallhonesty Lead Judge about 1 month ago

Submission Judgement Published

Validated

Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.