Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Platform Fee Can Be Set to 100% by Owner

Root + Impact

Description

  • The platform fee is intended to provide reasonable compensation to the owner, not to drain all player payments.

  • The code allows the owner to set the platform fee to any percentage up to 100%. This enables the owner to capture the entire claim fee, leaving nothing for the pot or previous king.

function updatePlatformFeePercentage(uint256 _newPlatformFeePercentage)
    external
    onlyOwner
    isValidPercentage(_newPlatformFeePercentage)
{
@>  platformFeePercentage = _newPlatformFeePercentage; <@
    emit PlatformFeePercentageUpdated(_newPlatformFeePercentage);
}

Risk

Likelihood:

  • This can happen any time the owner sets the platform fee to a high value.

  • No cap exists except for the maximum of 100%.

Impact:

  • All claim fees may go to the owner, making the game unfair and economically unsustainable.

  • Players will lose trust, and the platform can be used for a rug-pull.

Proof of Concept

// Owner can set fee to 100%
platformFeePercentage = _newPlatformFeePercentage;

Explanation:
The only restriction is that the value is <= 100. This allows the owner to direct all incoming claim fees to themselves, eliminating the pot and the previous king's reward.

Recommended Mitigation

- require(_newPlatformFeePercentage <= 100, "Game: Platform fee percentage must be 0-100.");
+ require(_newPlatformFeePercentage <= 20, "Game: Platform fee percentage must be 0-20.");
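Review bot: the new bound on the `+` line is a bare literal `20` repeated in both the comparison and the error string, so the two can drift apart; a named constant (for example a hypothetical `MAX_PLATFORM_FEE_PERCENTAGE`) would state the limit in one place. If this `require` is the body of the `isValidPercentage` modifier applied to `updatePlatformFeePercentage`, the tighter limit will also apply to every other use of that modifier, so a separate check for the platform fee may be the safer change.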

Mitigation Explanation:
Capping the platform fee at a reasonable upper bound (e.g., 20%) ensures that the majority of claim fees go to the pot and previous king, maintaining fairness and game viability.
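
A Foundry fuzz test of a capped fee setter, added here as an example; it is not code from the contest repository. `FeeModel`, `MAX_PLATFORM_FEE_PERCENTAGE`, `split` and the percentage-of-payment formula are assumptions standing in for the real contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the fee logic; NOT the contest's Game contract.
// Assumption: platform fee = payment * platformFeePercentage / 100,
// and the remainder is what reaches the pot / previous king.
contract FeeModel {
    uint256 public constant MAX_PLATFORM_FEE_PERCENTAGE = 20; // cap from the mitigation
    address public immutable owner = msg.sender;
    uint256 public platformFeePercentage;
    error NotOwner();
    error FeeAboveCap(uint256 requested, uint256 cap);

    function updatePlatformFeePercentage(uint256 newPct) external {
        if (msg.sender != owner) revert NotOwner();
        if (newPct > MAX_PLATFORM_FEE_PERCENTAGE) revert FeeAboveCap(newPct, MAX_PLATFORM_FEE_PERCENTAGE);
        platformFeePercentage = newPct;
    }

    // Returns (platform share, share left for pot / previous king).
    function split(uint256 payment) public view returns (uint256 fee, uint256 rest) {
        fee = (payment * platformFeePercentage) / 100;
        rest = payment - fee;
    }
}

contract FeeCapTest is Test {
    FeeModel model;

    function setUp() public {
        model = new FeeModel(); // this test contract is the owner
    }

    // Any value above the cap, including the 100% case from the report, reverts.
    function testFuzz_rejectsFeeAboveCap(uint256 pct) public {
        pct = bound(pct, 21, type(uint256).max);
        vm.expectRevert(abi.encodeWithSelector(FeeModel.FeeAboveCap.selector, pct, 20));
        model.updatePlatformFeePercentage(pct);
    }

    // For every fee the owner can set, at least 80% of a payment is left over.
    function testFuzz_remainderAtLeast80Percent(uint256 pct, uint96 payment) public {
        pct = bound(pct, 0, 20);
        model.updatePlatformFeePercentage(pct);
        (uint256 fee, uint256 rest) = model.split(payment);
        assertEq(fee + rest, payment);
        assertGe(rest * 100, uint256(payment) * 80);
    }
}
```

Run it with `forge test` in a project that has forge-std installed.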

Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
