Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

`Game:claimThrone` function requires the current king to be the one calling the function, making the game unplayable

Description

  • The second require in `Game:claimThrone` requires the caller to be the current king. The logic should be inverted so that a new player can try to claim the throne.

require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

Risk

Likelihood:

  • When a player calls the claim function, this require forces the sender to be the current king.

  • This variable initializes to address zero, meaning there is no way to play this game.

Impact:

  • Game becomes unplayable.

Proof of Concept

Testing with multiple addresses shows that none of them pass, meaning the game is unplayable.

function testFuzz_NoOneCanClaimThrone(address tester) public {
    // currentKing starts as address(0); a prank from that address would pass the check
    vm.assume(tester != address(0));
    // Deal tester a large amount of ether
    vm.deal(tester, type(uint256).max);
    // No one is king; trying to claim reverts
    vm.prank(tester);
    vm.expectRevert(bytes("Game: You are already the king. No need to re-claim."));
    game.claimThrone{value: type(uint256).max}();
}
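The check in both of its forms, as an added Foundry example that is not the contest's `Game` contract: `ThroneModel` and its `patched` switch are constructed here to isolate the one require, with the revert string taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the throne check only; not the contest's Game contract.
contract ThroneModel {
    address public currentKing; // defaults to address(0), as the report notes
    bool public immutable patched; // hypothetical switch: false = reported check, true = inverted check

    constructor(bool _patched) { patched = _patched; }

    function claimThrone() external payable {
        if (patched) {
            require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
        } else {
            require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
        }
        currentKing = msg.sender;
    }
}

contract ThroneModelTest is Test {
    string constant ERR = "Game: You are already the king. No need to re-claim.";
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    // Reported check: a fresh player is rejected and the throne stays empty.
    function test_ReportedCheckBlocksNewPlayer() public {
        ThroneModel game = new ThroneModel(false);
        vm.prank(alice);
        vm.expectRevert(bytes(ERR));
        game.claimThrone();
        assertEq(game.currentKing(), address(0));
    }

    // Inverted check: newcomers take the throne, the sitting king cannot re-claim.
    function test_InvertedCheckAllowsNewKingOnly() public {
        ThroneModel game = new ThroneModel(true);
        vm.prank(alice);
        game.claimThrone();
        assertEq(game.currentKing(), alice);
        vm.prank(alice);
        vm.expectRevert(bytes(ERR));
        game.claimThrone();
        vm.prank(bob);
        game.claimThrone();
        assertEq(game.currentKing(), bob);
    }
}
```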

Recommended Mitigation

Update the logic to check that `msg.sender` is different from `currentKing`.

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
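Review bot: the `+` line comes with no regression test, and the proof of concept only asserts the revert under the old `==` comparison, so nothing verifies that a non-king caller now passes this require while the sitting king still hits "Game: You are already the king. No need to re-claim." Suggest adding a test that claims from one address, asserts that a repeat claim from that same address reverts with this message, and then claims successfully from a second address.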
Updates

Appeal created

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted