A require() statement in the claimThrone() function prevents anyone from claiming the throne of the smart contract hence rendering the smart contract useless
The smart contract operates by allowing anyone to call the claimThrone() function and pays eth to be the current king of the smart contract and if there is no anyone who will call the function to be the king again in the grace period , then this means that the person will be the winner and take all the funds in the pot of the smart contract ...
But in the smart contract claimThrone() function , we can see that it has a revert statement require( ) with several conditions , one among them is the
which means that it requires that the sender of the transaction or the one who called the function to be the current king , which breaks the function or the purpose of the whole smart contract where other people other than the king should be able to call the function , pay the claimFee and be the king cannot claim the throne if they are already the current king.
Also since it requires the person who called the function to be the king and the first person to be the king is the address( 0 ) , untill it is set at the very end of the claimThrone( ) function itself ,
then this means that the whole smart contract will be useless and will not work at all as the entry function claimThrone( ) will always revert , and the currentKing address is not set or initialized
Proof of Concept
Create a Local Blockchain on the computer using Anvil
Deploy the Smart Contract using forge create
Then using cast send command , try calling the claimThrone( ) fuunction sending with it a claimFee , but you will see that it will always revert with the message "Game: You are already the king. No need to re-claim." , because it needs only the currentKing to be able to call the function and from the smart contract we can see that the currentKing is left at address 0 , so it will always revert and not work
Likelihood ;
The Vulnerability will always occur because for the game to work , then the claimThrone( ) needs to be called and claimFee to be paid to make one the king but since it will always revert if the currentKing does not call it and there is not any currentKing in the smart contract , then the smart contract will never work
Impact ;
The impact is that it will cause the smart contract to be stuck and never work at all rendering it useless as it needs only the currentKing to call the function that is the heart of the smart contract but there is no currentKing
Recommended Mitigation
The mitigation of the vulnerability is pretty straightforward , just in the require( ) revert statement , it should make the currentKing not be the one that should call the claimThrone( ) function
Appeal created
Game::claimThrone `msg.sender == currentKing` check is busted
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.