Submission Details
Severity:
You are already the king issue
Root + Impact
Description
-
Function claimThrone should allow a player to claim the throne by sending the required claim fee
-
Condition that compares sender and currentKing is incorrect. It is vice-versa, instead of "==", it must be "!="
function claimThrone() external payable gameNotEnded nonReentrant {
require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");
// Below condition is incorrect. It is vice-versa, instead of "==", it must be "!="
require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
...
Risk
Likelihood:
Player claims the throne by sending the required claim fee
Impact:
Player receives revert message "You are already the king. No need to re-claim."
Proof of Concept
function testFirstClaim() public {
console2.log("Player1 address:", uint160(player1));
vm.startPrank(player1);
game.claimThrone{value: INITIAL_CLAIM_FEE}();
vm.stopPrank();
}
Recommended Mitigation
- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
Updates
Appeal created
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
Game::claimThrone `msg.sender == currentKing` check is busted
Rewards breakdown
nSLOC
181This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.