Last Man Standing
First Flight #45
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: high
Likelihood: medium
Invalid

High `feeIncreasePercentage` Enables Denial of Service Attacks

farrellhauzan

Description

  • The fee increase percentage should be capped at reasonable levels to maintain game accessibility while providing economic progression.

  • The feeIncreasePercentage parameter accepts values up to 99%, causing claim fees to grow exponentially and pricing out legitimate players.

constructor(..., uint256 _feeIncreasePercentage, ...) {
// @> Allows up to 99% fee increase, causing exponential growth
require(_feeIncreasePercentage <= 100, "Game: Fee increase percentage must be 0-100.");
feeIncreasePercentage = _feeIncreasePercentage;
}
function claimThrone() external payable gameNotEnded nonReentrant {
// @> Fee increases exponentially with each claim
claimFee = claimFee + (claimFee * feeIncreasePercentage) / 100;
}

Risk

Likelihood:

  • Owner can set high fee increase percentage during deployment

  • Attacker with sufficient capital can execute multiple claims quickly

  • Exponential growth makes fees unaffordable within few rounds

Impact:

  • Game becomes inaccessible to new players after few rounds

  • Legitimate players are priced out of participation

  • Economic barrier prevents fair competition

  • Game functionality becomes limited to wealthy participants only

Proof of Concept

Example scenario:

  1. feeIncreasePercentage is set to 99

  2. Attacker creates 5 accounts and claims the throne repeatedly

  3. After 5 claims, the claim fee becomes:

    • Initial claim fee = 1 ETH

    • After 1st claim: 1 ETH * (1 + 0.99) = 1.99 ETH

    • After 2nd claim: 1.99 ETH * (1 + 0.99) = 3.96 ETH

    • After 3rd claim: 3.96 ETH * (1 + 0.99) = 7.92 ETH

    • After 4th claim: 7.92 ETH * (1 + 0.99) = 15.84 ETH

    • After 5th claim: 15.84 ETH * (1 + 0.99) = 31.68 ETH <- Extremely high claim fee

  4. New players cannot afford this fee, effectively locking them out of the game

Recommended Mitigation

Option 1: Add a reasonable cap to the feeIncreasePercentage:

modifier isValidPercentage(uint256 _percentage) {
require(_percentage <= 20, "Game: Fee increase percentage too high."); // Reasonable cap
_;
}

Option 2: Implement progressive cap based on current fee:

function claimThrone() external payable gameNotEnded nonReentrant {
// ... existing code ...
// Cap fee increase if claim fee gets too high
uint256 maxReasonableFee = 10 ether; // Define reasonable maximum
if (claimFee > maxReasonableFee) {
// Use smaller increase percentage for high fees
claimFee = claimFee + (claimFee * 5) / 100; // 5% instead of feeIncreasePercentage
} else {
claimFee = claimFee + (claimFee * feeIncreasePercentage) / 100;
}
}

Option 3: Add fee decay mechanism over time:

function claimThrone() external payable gameNotEnded nonReentrant {
// ... existing code ...
// Implement fee decay if no claims for extended period
uint256 timeSinceLastClaim = block.timestamp - lastClaimTime;
uint256 decayPeriod = 1 hours;
if (timeSinceLastClaim > decayPeriod) {
// Reduce fee by 10% for each hour of inactivity
uint256 decayFactor = timeSinceLastClaim / decayPeriod;
claimFee = claimFee * (90 ** decayFactor) / (100 ** decayFactor);
if (claimFee < initialClaimFee) {
claimFee = initialClaimFee; // Floor at initial fee
}
}
// Then apply normal fee increase
claimFee = claimFee + (claimFee * feeIncreasePercentage) / 100;
}
Updates

Appeal created

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.