Last Man Standing

​

​

- Normally, platform fees should be capped at a reasonable percentage to ensure fair distribution of funds between players and the platform.

- The current implementation allows the owner to set the platform fee up to 100%, effectively draining all funds from the game.

​

// Root cause in the codebase with @> marks to highlight the relevant section

//@audit: Centralization Issue:- Increasing Platform fee percentage upto 100%. These are giving serious centralization powers to the owner.

function updatePlatformFeePercentage(uint256 _newPlatformFeePercentage) external onlyOwner isValidPercentage(_newPlatformFeePercentage) {

@> platformFeePercentage = _newPlatformFeePercentage;

}

​

​

**Likelihood**:

​

- This will occur whenever the owner updates the platform fee during a round.

- There is no restriction or cap on the percentage that can be set.

​

**Impact**:

​

- The owner can set the platform fee to 100%, draining all ETH that would normally go into the pot or to players.

- This breaks game integrity and introduces a critical centralization risk.

​

​

Owner calls `updatePlatformFeePercentage(100)` during a round, claims the throne, and receives all funds as platform fees.

​

​

vm.startPrank(deployer);

game.updatePlatformFeePercentage(100);

game.claimThrone{value: game.claimFee()}();

vm.stopPrank();

​

​

Restrict platform fee percentage updates to occur only between rounds and enforce a maximum cap (e.g., 20%).

​

- function updatePlatformFeePercentage(...) external onlyOwner isValidPercentage(...) {

+ function updatePlatformFeePercentage(...) external onlyOwner gameEndedOnly isValidPercentage(...) {

​

Additionally, validate the input:

​

require(_newPlatformFeePercentage <= 20, "Fee too high");

​

---