Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Broken Reward Flow for Previous King in claimThrone()

kode_n_rolla

Root + Impact

Description

Normal Behavior: When a player claims the throne, a small portion of the claimFee should be paid to the previous king as a reward. This is stated in both code comments and the project description.
Issue: The variable previousKingPayout is declared but never assigned any non-zero value. It remains 0 in all cases, and no actual transfer to the previous king is made, breaking the intended reward mechanism.

function claimThrone() external payable gameNotEnded nonReentrant {

...

uint256 previousKingPayout = 0; // @> Declared but never updated

...

// Defensive check referencing previousKingPayout

if (currentPlatformFee > (sentAmount - previousKingPayout)) {

currentPlatformFee = sentAmount - previousKingPayout;

}

...

// No transfer to previous king anywhere

}

Risk

Likelihood:

This issue occurs on every claimThrone() call after the first claim.
Once there’s a king, the payout logic should activate — but it silently fails.

Impact:

The "King of the Hill" mechanic is undermined. Players don’t receive any reward for becoming king, discouraging competitive gameplay.

Proof of Concept

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import {Test, console2} from "forge-std/Test.sol";

import {Game} from "../src/Game.sol";

contract GameTest is Test {

Game public game;

address public deployer;

address public player1;

address public player2;

address public player3;

address public maliciousActor;

// Initial game parameters for testing

uint256 public constant INITIAL_CLAIM_FEE = 0.1 ether; // 0.1 ETH

uint256 public constant GRACE_PERIOD = 1 days; // 1 day in seconds

uint256 public constant FEE_INCREASE_PERCENTAGE = 10; // 10%

uint256 public constant PLATFORM_FEE_PERCENTAGE = 5; // 5%

function setUp() public {

deployer = makeAddr("deployer");

player1 = makeAddr("player1");

player2 = makeAddr("player2");

player3 = makeAddr("player3");

maliciousActor = makeAddr("maliciousActor");

vm.deal(deployer, 10 ether);

vm.deal(player1, 10 ether);

vm.deal(player2, 10 ether);

vm.deal(player3, 10 ether);

vm.deal(maliciousActor, 10 ether);

vm.startPrank(deployer);

game = new Game(

INITIAL_CLAIM_FEE,

GRACE_PERIOD,

FEE_INCREASE_PERCENTAGE,

PLATFORM_FEE_PERCENTAGE

);

vm.stopPrank();

}

function test_PreviousKinkDoesNotReceivePayout() public {

// claimThrone with player1

vm.deal(player1, 1 ether);

vm.startPrank(player1);

game.claimThrone{value: 1 ether}();

vm.stopPrank();

// Balance visability before

console2.log(

"Player1 balance after claiming throne: ",

player1.balance

);

// claimThrone with player2

vm.deal(player2, 2 ether);

vm.startPrank(player2);

game.claimThrone{value: 2 ether}();

vm.stopPrank();

// Balance visability after

console2.log(

"Player1 balance after player2 claims throne: ",

player1.balance

);

assertEq(

player1.balance,

"Player1 should have received payout but didn't"

);

}

Recommended Mitigation

...

// Game Core State

...

+ uint256 previousKingRewardPercentage = 10; // For calculate previuosKinh payout

...

function claimThrone() external payable gameNotEnded nonReentrant {

...

uint256 sentAmount = msg.value;

- uint256 previousKingPayout = 0;

- uint256 currentPlatformFee = 0;

- uint256 amountToPot = 0;

+ // Payout to the previous king

+ uint256 previousKingPayout = (sentAmount * previousKingRewardPercentage) / 100;

+ if (currentKing != address(0) && previousKingPayout > 0) {

+ (bool sent, ) = currentKing.call{value: previousKingPayout}("");

+ require(sent, "Failed to send payout to previous king");

+ }

+ // Calculate platform fee and amount added to the pot

+ uint256 remaining = sentAmount - previousKingPayout;

+ uint256 currentPlatformFee = (remaining * platformFeePercentage) / 100;

+ // Safety check: fee should not exceed the remaining amount

+ if (currentPlatformFee > remaining) {

+ currentPlatformFee = remaining;

+ }

+ platformFeesBalance += currentPlatformFee;

+ uint256 amountToPot = remaining - currentPlatformFee;

+ pot += amountToPot;

- // Calculate platform fee

- currentPlatformFee = (sentAmount * platformFeePercentage) / 100;

- // Defensive check to ensure platformFee doesn't exceed available amount after previousKingPayout

- if (currentPlatformFee > (sentAmount - previousKingPayout)) {

- currentPlatformFee = sentAmount - previousKingPayout;

- }

- platformFeesBalance = platformFeesBalance + currentPlatformFee;

- // Remaining amount goes to the pot

- amountToPot = sentAmount - currentPlatformFee;

- pot = pot + amountToPot;

// Update game state

currentKing = msg.sender;

...

Updates

Appeal created

inallhonesty Lead Judge about 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Missing Previous King Payout Functionality

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.