Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Wrong Logic in `claimThrone` Function, it blocks any user from claiming the throne Description: ```solidity function claimThrone() external payable gameNotEnded nonReentrant { require(msg.value >= claimFee, "Game: Insuffic

vincent71399

Description:

function claimThrone() external payable gameNotEnded nonReentrant {

require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");

@> require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

...

}

This logic incorrectly checks if the sender is the current king, which prevents any non-currentKing from claiming the throne.
The check should be to ensure that the sender is not the current king, allowing anyone else to claim it.

Impact: Since initial value of currentKing is address(0), this logic blocks any user from claiming the throne, effectively making the game unplayable.

Proof of Concept:
add the following test to Game.t.sol and run it

function testClaimThrone_Blocked() public {

uint256 claimFee = game.claimFee();

assertEq(game.currentKing(), address(0));

vm.startPrank(player1);

vm.expectRevert("Game: You are already the king. No need to re-claim.");

game.claimThrone{value: claimFee}();

vm.stopPrank();

}

Recommended Mitigation:
change the logic to any non-currentKing can claim the throne

function claimThrone() external payable gameNotEnded nonReentrant {

require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

...

}

Updates

Appeal created

inallhonesty Lead Judge about 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.