Submission Details
Severity:
# Overpayment on Throne Claim leads to Unexpected User Experience
# Overpayment on Throne Claim leads to Unexpected User Experience
## Description
- Normally, a player should only be able to claim the throne by sending exactly the required `claimFee` amount.
- The current implementation allows users to send more than the required `claimFee`, resulting in overpayment and potential confusion.
```javascript
function claimThrone() external payable gameNotEnded nonReentrant {
//@audit: Takes more than claim fee, which is not expected. Better approach could be msg.value == claimFee.
@> require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");
//...
}
```
## Risk
**Likelihood**:
- This will occur whenever a user mistakenly sends more ETH than the required claimFee.
**Impact**:
- Users may lose funds by overpaying, as the excess is not refunded.
- This can lead to a poor user experience and loss of trust in the contract.
## Proof of Concept
A user sends 2x the required claimFee when claiming the throne. The contract accepts the transaction, but the extra ETH is not refunded instead it goes into the `pot`.
**Proof Of Code**
- Paste the following code into `Game.t.sol` and see that; overpayed `claimFee` is added into the pot and platform also benefits from it but the user is at a disadvantage as the user payed 2X the amount for no benefit.
```javascript
function testOverPaymentPOC() public {
console2.log("Initial claim fee:", game.claimFee());
vm.startPrank(player1);
game.claimThrone{value: 0.2 ether}();
console2.log("After Player1 claims throne with 2X claim fee:");
console2.log(" pot:", game.pot());
console2.log(" platformFeesBalance:", game.platformFeesBalance());
console2.log(" claimFee (next):", game.claimFee());
vm.stopPrank();
}
```
- The following are the logs of the above POC:
```javascript
Logs:
Initial claim fee: 100000000000000000
After Player1 claims throne with 2X claim fee:
pot: 190000000000000000
platformFeesBalance: 10000000000000000
claimFee (next): 110000000000000000
```
## Recommended Mitigation
Require the exact amount to be sent for claiming the throne.
```diff
- require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");
+ require(msg.value == claimFee, "Game: Must send exact claim fee.");
```
Updates
Appeal created
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
Overpayment not refunded, included in pot, but not in claim fee
Rewards breakdown
nSLOC
181This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.