Last Man Standing

First Flight #45
Beginner Friendly · Foundry · Solidity
Severity: medium
Valid

Incorrect Access Check in claimThrone() Blocks All New Participants

Root + Impact

Description

  • Any user other than the current king should be able to call claimThrone() by sending enough ETH to become the new king.

  • The intention is to stop the current king from re-claiming the throne, not to restrict everyone else. However, the condition is inverted: only the current king passes the check, so every new participant is rejected.

require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

Risk

Likelihood:

  • This occurs immediately after deployment, as no one except the initial king can participate.

Impact:

  • The main game mechanic (claimThrone) becomes inaccessible to all users.

  • The game cannot be started or played as intended.

Proof of Concept

This test shows that calling claimThrone reverts for any player who is not the current king, blocking all claims:

function testNooneCanClaimThrone() public {
    // player1 is not the current king, so the inverted check rejects the call
    vm.startPrank(player1);
    vm.expectRevert("Game: You are already the king. No need to re-claim.");
    game.claimThrone{value: INITIAL_CLAIM_FEE}();
    vm.stopPrank();
}
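To show the inverted check and its correction side by side, here is an added Foundry test that is not part of the submission or the First Flight code base. It uses a simplified stand-in contract, MiniGame, whose constructor flag selects the buggy or the corrected require; the contract shape, the fee check, the player addresses and the 0.1 ether fee are all assumptions made for this example. The first test reproduces the finding (a newcomer is rejected); the second shows the intended behaviour after the fix (newcomers can claim, the sitting king cannot re-claim).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Simplified stand-in for the Game contract (constructed for this example, not the
// First Flight code). Only the king / claim-fee logic relevant to the finding is kept;
// the constructor flag selects the inverted (buggy) or the corrected require so both
// behaviours can be exercised in one test file.
contract MiniGame {
    address public currentKing;
    uint256 public claimFee;
    bool private immutable inverted;

    constructor(uint256 _claimFee, bool _inverted) {
        currentKing = msg.sender; // deployer starts as king (assumption)
        claimFee = _claimFee;
        inverted = _inverted;
    }

    function claimThrone() external payable {
        if (inverted) {
            // Bug as reported: only the current king passes this check.
            require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
        } else {
            // Fix: reject only the current king, let everyone else compete.
            require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
        }
        // Assumed fee check; the real contract's fee logic is not reproduced here.
        require(msg.value >= claimFee, "Game: Insufficient claim fee");
        currentKing = msg.sender;
    }
}

contract ClaimThroneCheckTest is Test {
    uint256 constant INITIAL_CLAIM_FEE = 0.1 ether; // assumed value
    address player1 = makeAddr("player1");
    address player2 = makeAddr("player2");

    function setUp() public {
        vm.deal(player1, 1 ether);
        vm.deal(player2, 1 ether);
    }

    // Before the fix: a non-king is rejected, so nobody but the deployer can ever claim.
    function testInvertedCheckBlocksNewcomer() public {
        MiniGame game = new MiniGame(INITIAL_CLAIM_FEE, true);
        vm.startPrank(player1);
        vm.expectRevert("Game: You are already the king. No need to re-claim.");
        game.claimThrone{value: INITIAL_CLAIM_FEE}();
        vm.stopPrank();
        assertEq(game.currentKing(), address(this)); // king never changed
    }

    // After the fix: newcomers can claim, and the sitting king cannot re-claim.
    function testCorrectedCheckAllowsNewcomerRejectsKing() public {
        MiniGame game = new MiniGame(INITIAL_CLAIM_FEE, false);

        vm.startPrank(player1);
        game.claimThrone{value: INITIAL_CLAIM_FEE}();
        assertEq(game.currentKing(), player1);

        // player1 is now king and must be rejected on a second claim
        vm.expectRevert("Game: You are already the king. No need to re-claim.");
        game.claimThrone{value: INITIAL_CLAIM_FEE}();
        vm.stopPrank();

        // a different player can still take the throne
        vm.startPrank(player2);
        game.claimThrone{value: INITIAL_CLAIM_FEE}();
        vm.stopPrank();
        assertEq(game.currentKing(), player2);
    }
}
```

Run with `forge test --match-contract ClaimThroneCheckTest -vvv`; the second test is the regression check a maintainer would keep after applying the one-character fix.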

Recommended Mitigation

Update the require condition to correctly reject calls from the current king, allowing all others to participate:

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
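Review bot: the two-line hunk has no `@@` header or surrounding context, so it reads as a before/after illustration rather than an applyable patch; quoting the enclosing lines of `claimThrone()` would let a reviewer confirm that the fee check still runs after the flipped comparison. The revert message can stay unchanged, since with `!=` it now fires only when the caller is already the king. Note that the PoC test `testNooneCanClaimThrone` will fail once this fix lands and should be rewritten to expect success for player1 and a revert only for the sitting king.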
Updates

Appeal created

inallhonesty Lead Judge 9 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted
