Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: medium
Invalid

`platformFeePercentage` can be changed mid-game causing the winner to receive a smaller pot than initially expected based on the original fee percentage

Description:

The `updatePlatformFeePercentage()` function allows the owner to modify `platformFeePercentage` during active gameplay, creating unfair conditions for players who join at different times.

```solidity
function updatePlatformFeePercentage(uint256 _newPlatformFeePercentage)
    external
    onlyOwner
    isValidPercentage(_newPlatformFeePercentage)
{
    // Can be called anytime - no gameEndedOnly modifier
    platformFeePercentage = _newPlatformFeePercentage; // Affects current game immediately
}
```

Attack path:

  1. Players start game expecting 5% platform fee (95% to pot)

  2. Mid-game, owner increases platformFeePercentage to 20%

  3. Later players contribute much less to the pot than earlier players

  4. Final winner receives less prize than early players anticipated

Impact:

Players joining at different times face vastly different economic conditions

The winner receives a smaller pot than initially expected based on the original fee percentage

Changing game rules mid-play may violate gambling fairness regulations

Recommended Mitigation:

Restrict parameter changes to the period between game rounds so that they apply only to new games:

```solidity
function updatePlatformFeePercentage(uint256 _newPlatformFeePercentage)
    external
    onlyOwner
    gameEndedOnly // Add this modifier
    isValidPercentage(_newPlatformFeePercentage)
{
    platformFeePercentage = _newPlatformFeePercentage;
    emit PlatformFeePercentageUpdated(_newPlatformFeePercentage);
}
```
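
The attack path and the mitigation above, modelled numerically as an added example (this is not code from the submission or from the contest repository). It assumes a simplified game in which every claim pays the same fee and the pot receives whatever the platform fee leaves; `GameModel`, `play_round`, the sample amounts and the 0 to 100 bound for `isValidPercentage` are hypothetical.

```python
from dataclasses import dataclass

class Revert(Exception):
    """Stands in for a Solidity revert."""

@dataclass
class GameModel:
    # Hypothetical simplified model: each claim pays claim_fee, the platform
    # keeps platform_fee_percentage of it and the remainder goes to the pot.
    platform_fee_percentage: int = 5
    guard_updates: bool = False  # True models the gameEndedOnly modifier
    game_ended: bool = False
    pot: int = 0
    platform_fees: int = 0

    def claim(self, claim_fee: int) -> None:
        fee = claim_fee * self.platform_fee_percentage // 100
        self.platform_fees += fee
        self.pot += claim_fee - fee

    def update_platform_fee_percentage(self, new_pct: int) -> None:
        if not 0 <= new_pct <= 100:  # assumed bound for isValidPercentage
            raise Revert("invalid percentage")
        if self.guard_updates and not self.game_ended:
            raise Revert("game has not ended")
        self.platform_fee_percentage = new_pct

def play_round(guard_updates: bool, claims: int = 6, claim_fee: int = 10**18,
               change_after: int = 3, new_pct: int = 20) -> dict:
    """Constructed scenario: the owner tries to raise the fee mid-round."""
    game = GameModel(guard_updates=guard_updates)
    start_pct = game.platform_fee_percentage
    update_reverted = False
    for i in range(claims):
        if i == change_after:
            try:
                game.update_platform_fee_percentage(new_pct)
            except Revert:
                update_reverted = True
        game.claim(claim_fee)
    # Pot the players would expect had the starting fee held all round.
    expected = claims * (claim_fee - claim_fee * start_pct // 100)
    return {"pot": game.pot, "expected_pot": expected,
            "shortfall": expected - game.pot, "update_reverted": update_reverted}

if __name__ == "__main__":
    print("unguarded:", play_round(guard_updates=False))
    print("guarded:  ", play_round(guard_updates=True))
```
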
Updates

Appeal created

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
