Incorrect Check in 'ClaimThrone' function prevents anyone else from Claiming the Throne thus breaking Functionality
Functionality Broken. The 'ClaimThrone' function has a check that prevents anyone else from Claiming the Throne.
Impact : High, as the first Throne Claimer becomes the King forever as noone can Claim the Throne.
Description
-
The Require Check in 'ClaimOwner' checks the msg.sender is equal to the currentKing it reverts as the new throne claimer is ofc not the King.
-
Example:
Step 1: Patrick (Account A) sends 1 ETH
he becomes the currentKing
Step 2: Patricia tries to Claim the Throne (Account B) sends 1.1 ETH or higher
This line runs:
Risk : HIGH, breaks the Contracts Functionality
Likelihood: HIGH
This will Occur when the First Player will Claim the Throne and become the King and after that noone else can.
Impact: HIGH
-
Functionality Broken no one can play as no new Person can claim the Throne
-
The King System can't proceed further.
Proof of Concept:
Account 1 becomes the King he is the first King since deployment
Account 2 tries to become the king by claimingThrone with the amount greater then the previousAmount but it reverts with error message "You are already the King " While Hes Not!!!
Cause its saying that the msg.sender is equal to currentKing, So No one else can become the king as they aren't the current King.
To demonstrate this issue, we wrote a test where UserA becomes the king, and UserB attempts to claim the throne. The call reverts, even though UserB is not the current king — this is clearly unintended behavior and shows that the logic is flipped
Recommended Mitigation
This is the recommended Mitigation its simple just add != instead of ==.
Appeal created
Game::claimThrone `msg.sender == currentKing` check is busted
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.