Last Man Standing

Description

• Game parameters like gracePeriod, initialClaimFee, feeIncreasePercentage, and platformFeePercentage should remain stable during active game rounds to ensure fair gameplay for all participants.

• The contract allows the owner to update these critical parameters at any time, including during active game rounds, creating opportunities for manipulation and unfair advantage.

Risk

Likelihood:

• Owner has technical ability to change rules at any time during gameplay

• No restrictions prevent mid-game parameter modifications

• Centralization risk is inherent in the current design

Impact:

• Centralization risk allowing owner to manipulate game rules arbitrarily

• Unfair gameplay where rules change mid-round without player consent

• Economic manipulation affecting claim costs and winning conditions

• Loss of player trust and potential abandonment of the game

Proof of Concept

Scenario 1 - Grace Period Manipulation:

1. Current king has waited 23/24 hours for grace period to expire

2. Owner calls updateGracePeriod(172800) (48 hours) during active game

3. Current king must now wait additional 25 hours unexpectedly

4. This violates player expectations and game fairness

Scenario 2 - Fee Structure Manipulation:

1. Players enter game with 10% platform fee and 5% fee increase

2. Owner calls updatePlatformFeePercentage(50) and updateClaimFeeParameters(newFee, 20) mid-game

3. Next players face dramatically higher costs than earlier participants

4. Creates unfair economic conditions for later players

Scenario 3 - Immediate Winner Declaration:

1. Owner calls updateGracePeriod(1) during active round

2. Current king becomes winner almost immediately

3. Other players lose opportunity to compete fairly

Recommended Mitigation

Add the gameEndedOnly modifier to all parameter update functions to ensure changes only occur between game rounds: