Incorrect King check prevents all players from participating
Incorrect logic causes denial of service
Description
-
Normally, when a player calls
Game::claimThrone, they become the new King as long as they pay the current claim fee and are not already the King. The function should prevent the current King from reclaiming the throne again. -
However, the check in the
claimThronefunction incorrectly restricts everyone except the current King from participating. It uses the condition:@> require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
This allows only the current King (zero address) to claim the throne again, a logic inversion of the intended rule. As a result, no new players can participate after the first King, halting the game entirely.
Risk
Likelihood:
-
This will occur immediately when the first player becomes King.
-
All subsequent attempts to call
claimThrone()by any new player will fail due to the incorrectrequirecondition.
Impact:
Completely breaks the game mechanics, no one can participate after deployment.
Proof of Concept
This test demonstrates how players can not claim the throne since the function requires the current king only to claim, which happens to be the zero address. It treverts on any attempt.
Recommended Mitigation
Change the faulty line in claimThrone
Appeal created
Game::claimThrone `msg.sender == currentKing` check is busted
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.