Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Platform Fee Can Be Set to 100% by Owner

Root + Impact

Description

  • The platform fee is intended to provide reasonable compensation to the owner, not to drain all player payments.

  • The code allows the owner to set the platform fee to any percentage up to 100%. This enables the owner to capture the entire claim fee, leaving nothing for the pot or previous king.

function updatePlatformFeePercentage(uint256 _newPlatformFeePercentage)
    external
    onlyOwner
    isValidPercentage(_newPlatformFeePercentage)
{
@>  platformFeePercentage = _newPlatformFeePercentage; <@
    emit PlatformFeePercentageUpdated(_newPlatformFeePercentage);
}

Risk

Likelihood:

  • This can happen any time the owner sets the platform fee to a high value.

  • No cap exists except for the maximum of 100%.

Impact:

  • All claim fees may go to the owner, making the game unfair and economically unsustainable.

  • Players will lose trust, and the platform can be used for a rug-pull.

Proof of Concept

// Owner can set fee to 100%
platformFeePercentage = _newPlatformFeePercentage;

Explanation:
The only restriction is <= 100. This allows the owner to direct all incoming claim fees to themselves, eliminating the pot and previous king reward.

Recommended Mitigation

- require(_newPlatformFeePercentage <= 100, "Game: Platform fee percentage must be 0-100.");
+ require(_newPlatformFeePercentage <= 20, "Game: Platform fee percentage must be 0-20.");
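
Review bot: the new bound on the + line is a bare literal 20 repeated in both the condition and the error string, and the hunk gives no context for where this require lives. updatePlatformFeePercentage as shown above validates through the isValidPercentage modifier, so if this line sits inside that modifier, tightening it to 20 would also restrict any other parameter validated by the same modifier. Suggest leaving the 0-100 check as is and adding a separate check in updatePlatformFeePercentage against a named constant, with the reason for the chosen cap documented next to it.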

Mitigation Explanation:
Capping the platform fee at a reasonable upper bound (e.g., 20%) ensures that the majority of claim fees go to the pot and previous king, maintaining fairness and game viability.
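
A Foundry fuzz test for a capped setter, added here as an illustration and not taken from the contest code base. `CappedFeeGame`, `MAX_PLATFORM_FEE_PERCENTAGE`, `FeeTooHigh` and `split` are hypothetical stand-ins, and the split (platform cut first, remainder left for the pot and previous king) is an assumed model of the fee logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the game contract: only the fee logic is modelled.
contract CappedFeeGame {
    uint256 public constant MAX_PLATFORM_FEE_PERCENTAGE = 20; // cap from the mitigation above
    address public immutable owner;
    uint256 public platformFeePercentage;

    error FeeTooHigh(uint256 requested, uint256 max);

    constructor() { owner = msg.sender; }

    function updatePlatformFeePercentage(uint256 newFee) external {
        require(msg.sender == owner, "not owner");
        if (newFee > MAX_PLATFORM_FEE_PERCENTAGE) revert FeeTooHigh(newFee, MAX_PLATFORM_FEE_PERCENTAGE);
        platformFeePercentage = newFee;
    }

    // Assumed split: platform cut first, remainder left for the pot / previous king.
    function split(uint256 claimFee) public view returns (uint256 platformCut, uint256 remainder) {
        platformCut = (claimFee * platformFeePercentage) / 100;
        remainder = claimFee - platformCut;
    }
}

contract CappedFeeGameTest is Test {
    CappedFeeGame game;

    function setUp() public { game = new CappedFeeGame(); } // the test contract is the owner

    // Any value above the cap must revert and leave the stored fee unchanged.
    function testFuzz_RejectsFeeAboveCap(uint256 newFee) public {
        newFee = bound(newFee, 21, type(uint256).max);
        vm.expectRevert(abi.encodeWithSelector(CappedFeeGame.FeeTooHigh.selector, newFee, uint256(20)));
        game.updatePlatformFeePercentage(newFee);
        assertEq(game.platformFeePercentage(), 0);
    }

    // At any accepted fee, at least 80% of a claim fee is left for the pot / previous king.
    function testFuzz_RemainderFloor(uint256 newFee, uint96 claimFee) public {
        newFee = bound(newFee, 0, 20);
        game.updatePlatformFeePercentage(newFee);
        (uint256 cut, uint256 rest) = game.split(claimFee);
        assertEq(cut + rest, uint256(claimFee));
        assertGe(rest, (uint256(claimFee) * 80) / 100);
    }
}
```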

Updates

Appeal created

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
