Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
Submission Details
Severity: medium
Valid

Incorrect Access Condition Blocks All New Throne Claims

Root + Impact

Description

  • The claimThrone function is intended to allow users to become the new king by fulfilling certain conditions.

  • However, due to flawed logic in the require statement, once a user becomes the king, no other user can claim the throne, effectively breaking the contract's core functionality.

// @> require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

Risk

Likelihood:

  • Every time a non-zero address claims the throne, the king variable is set to that address.

  • On the next call, the same require condition is evaluated. Since the check fails whenever msg.sender != currentKing, it reverts for all subsequent users.


Impact:

  • The core functionality of the game is lost: the throne becomes unclaimable after the first successful call.

  • No new players can participate, leading to a denial-of-service for the contract’s main feature.

Proof of Concept

// Deploy contract
Game game = new Game();
// Address A claims the throne
game.claimThrone{value: 1 ether}({some params});
// Address B tries to claim the throne
// This call reverts due to the incorrect logic in the require statement
game.claimThrone{value: 1 ether}({some params}); // Fails even though B != king
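
The scenario above as a self-contained Foundry test, added here as an example; it is not code from the submission or from the audited contract. ThroneModel, its constructor arguments and the alice/bob addresses are constructed for illustration, and the model assumes a king is already seated when the challenger calls.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed model, not the audited Game contract: it keeps only the
// caller check and the currentKing update described in the report.
contract ThroneModel {
    address public currentKing;
    bool public immutable fixedCheck; // false = reported `==`, true = mitigated `!=`

    constructor(address initialKing, bool useFixedCheck) {
        currentKing = initialKing; // assumption: a king is already seated
        fixedCheck = useFixedCheck;
    }

    function claimThrone() external payable {
        bool allowed = fixedCheck ? msg.sender != currentKing : msg.sender == currentKing;
        require(allowed, "Game: You are already the king. No need to re-claim.");
        currentKing = msg.sender;
    }
}

contract ThroneModelTest is Test {
    address alice = makeAddr("alice"); // seated king
    address bob = makeAddr("bob"); // challenger

    function test_ReportedCheckLocksOutChallenger() public {
        ThroneModel game = new ThroneModel(alice, false);
        vm.deal(bob, 1 ether);
        vm.prank(bob);
        vm.expectRevert(bytes("Game: You are already the king. No need to re-claim."));
        game.claimThrone{value: 1 ether}();
        assertEq(game.currentKing(), alice); // throne never changes hands
    }

    function test_MitigatedCheckAdmitsChallengerAndRejectsKing() public {
        ThroneModel game = new ThroneModel(alice, true);
        vm.deal(bob, 1 ether);
        vm.prank(bob);
        game.claimThrone{value: 1 ether}();
        assertEq(game.currentKing(), bob);

        vm.deal(bob, 1 ether);
        vm.prank(bob); // the new king tries to re-claim
        vm.expectRevert(bytes("Game: You are already the king. No need to re-claim."));
        game.claimThrone{value: 1 ether}();
    }
}
```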

Recommended Mitigation

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
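Review bot: No test accompanies the change from == to != on the require line, so the comparison could be flipped back unnoticed. Add a regression test in which a second, distinct address claims successfully and the current king's re-claim reverts with "Game: You are already the king. No need to re-claim."; that message only describes the msg.sender == currentKing case, which confirms != is the intended condition.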
Updates

Appeal created

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted
