Last Man Standing
First Flight #45
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

[H-1] Throne Cannot Be Claimed — Game Is Permanently Bricked

wolf_kalp

Root + Impact

[H-1] Throne Cannot Be Claimed — Game Is Permanently Bricked

Description

The claimThrone() function contains a faulty require statement that prevents any user from ever claiming the throne.

Specifically, it checks:

require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

This condition only allows the current king to call claimThrone(), which completely contradicts the purpose of the game — where new players are supposed to outbid the current king to claim the throne.

At deployment:

currentKing == address(0)

First caller (e.g., Bob) will never be address(0)

⇒ claimThrone() always reverts

⇒ No one can ever claim the throne

Impact:

1.Critical game-breaking flaw

2.No one can ever become King

3.All ETH sent is wasted or locked

4.Prize pool never accumulates

5.Game logic never progresses

6.Contract is permanently bricked

Proof of Concept

// assume: initial claim fee = 1 ETH, currentKing == address(0)
claimThrone() called by Bob (EOA != address(0)):
require(msg.sender == currentKing) fails
→ reverts: "Game: You are already the king."
→ Bob cannot claim throne
→ No state updates
→ Game cannot begin
// Game is now in a permanently unusable state

Recommended Mitigation

  1. Correct the require logic:

Replace:

require(msg.sender == currentKing, "Game: You are already the king.");

With:

require(msg.sender != currentKing, "Game: You are already the king.");
Updates

Appeal created

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.