Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

The `claimThrone` function doesn't implement logic to share portion of claim fee with a previous king

0xbyteknight

Root + Impact

Description

The application design assumes that during the claimThrone function execution, a previous king will receive a small portion of a new claim fee. The functional implements defensive check to make sure that platformFee doesn't exceed available amount after previousKingPayout.
However, the claimThrone function misses essential logic to calculate and send a portion of fee that should be send to a previous king. Additionaly, it makes the mentioned defensive check useless and causes higher gas fee during deployment.

uint256 sentAmount = msg.value;

@> uint256 previousKingPayout = 0;

uint256 currentPlatformFee = 0;

uint256 amountToPot = 0;

// Calculate platform fee

currentPlatformFee = (sentAmount * platformFeePercentage) / 100;

// Defensive check to ensure platformFee doesn't exceed available amount after previousKingPayout

@> if (currentPlatformFee > (sentAmount - previousKingPayout)) {

@> currentPlatformFee = sentAmount - previousKingPayout;

}

Risk

Likelihood:

The issue will occur every time from the second call to the claim Throne function.

Impact:

Previous king won't receive any portion of a new claim fee.
Additional defence check and unused code costs approximately additional 9711 gas during deployment.

Proof of Concept

Recommended Mitigation

Depending on how an owner of the game wants to proceed, there 2 ways to solve this issue:

Implement the missing logic for calculation and sending a portion of fee to a previous king.
Remove unnecesary checks and code from the claimThrone function as below.

uint256 sentAmount = msg.value;

- uint256 previousKingPayout = 0;

uint256 currentPlatformFee = 0;

uint256 amountToPot = 0;

// Calculate platform fee

currentPlatformFee = (sentAmount * platformFeePercentage) / 100;

- // Defensive check to ensure platformFee doesn't exceed available amount after previousKingPayout

- if (currentPlatformFee > (sentAmount - previousKingPayout)) {

- currentPlatformFee = sentAmount - previousKingPayout;

- }

platformFeesBalance = platformFeesBalance + currentPlatformFee;

Updates

Appeal created

inallhonesty Lead Judge about 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Missing Previous King Payout Functionality

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.