Function claimThrone - Require Message Sender is Current King is Invalid - Should require that msg.sender is not current king
Root + Impact
Description
-
Ideal situation: In normal game play, the claimThrone function should ensure that the current king is not calling the claimThrone function.
-
Issue: In the current code, the require (msg.sender == currentKing ... causes the function to fail when its called by any different game player to the current king. For example, initially the currentKing is 0x0, and the message sender is some other address, so requiring msg.sender == currentKing will fail, this means that the rest of the code in claimThrone won't be reached, and currentKing cannot be set to the msg.sender later.
Risk
Likelihood:
The first time the claimThrone function is called by a valid player, or any time after (with the current code) it is called by a king that is not the current king, msg.sender will not be equal to the current king, so the require statement will fail.
Impact:
-
claimThrone function can never set the claimThrone function caller (msg.sender) to the new king .
-
Game play is not possible until this is fixed.
Proof of Concept
To fix this issue, we must correct the require statement as indicated in the Recommended Mitigation.
In other words we should require that msg.sender != currentKing in line 3 below.
See the existing code below and compare to Reccommended Mitigation which follows after it:
Recommended Mitigation
Update the require statement to check that player calling the claimThrone function is not the current king as indicated below (require that msg.sender != currentKing).
Appeal created
Game::claimThrone `msg.sender == currentKing` check is busted
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.