Last Man Standing
First Flight #45
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Game Logic Flaw - Incorrect Claim Validation

prongsdev125

Game Logic Flaw – Incorrect Claim Validation

Description

  • Normally, any player except the current king should be able to claim the throne by paying the required fee, which advances the game and increases the pot.

  • The current implementation incorrectly checks that only the current king can claim, which blocks all new claims after the first, making the game unplayable.

// claimThrone() function
require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim."); // @> This should be != not ==

Risk

Likelihood:

  • This will occur every time a user tries to claim the throne after the first claim.

  • The game will deadlock after the first claim, as no one else can ever claim again.

Impact:

  • The game cannot progress beyond the first claim, making it completely unusable.

  • All funds sent after the first claim are locked and unrecoverable by players.

Proof of Concept

// 1. Alice claims the throne (currentKing = Alice)
// 2. Bob tries to claim the throne:
// require(msg.sender == currentKing, ...) fails because Bob != Alice
// Bob cannot claim, game is stuck

Recommended Mitigation

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
Updates

Appeal created

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.