Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Wrong require checks in `Game::claimThrone` function.

mozi

Users will never be able to enter the game due to require checks and always be reverting

Description

In expected behavior users can enter using Game::claimThrone function by sending the required claim fee, but in reality users will never be able to enter the game due to require checks in #L188 that only require currentKing to enter.

//@audit-issue how user will be able to enter the game if the msg.sender need to be current king?

@> require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

Risk

Likelihood:

This will occur everytime users call Game::claimThrone function and revert immediately

Impact:

No one can entering the game

Proof of Concept

Player1 try to claim the throne and become a king by sending the required claim fee or more

function test_ClaimThroneAndBecomeKing() public {

address whoIsCurrentKing = game.currentKing();

assertEq(whoIsCurrentKing, address(0));

vm.startPrank(player1);

game.claimThrone{value: 2 ether}();

vm.stopPrank();

}

but the tx will always revert, because require checks only require currentKing to enter

[48482] GameTest::test_ClaimThroneAndBecomeKing()

├─ [2618] Game::currentKing() [staticcall]

│ └─ ← [Return] 0x0000000000000000000000000000000000000000

├─ [0] VM::assertEq(0x0000000000000000000000000000000000000000, 0x0000000000000000000000000000000000000000) [staticcall]

│ └─ ← [Return]

├─ [0] VM::startPrank(player1: [0x7026B763CBE7d4E72049EA67E89326432a50ef84])

│ └─ ← [Return]

├─ [27259] Game::claimThrone{value: 2000000000000000000}()

│ └─ ← [Revert] Game: You are already the king. No need to re-claim.

└─ ← [Revert] Game: You are already the king. No need to re-claim.

the revert say Player1 is already the king, but in reality currentKing still address(0).

Recommended Mitigation

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

Now users can enter the game by claim the throne and become king replace prev king and replaced king can compete again till grace period end.

Updates

Appeal created

inallhonesty Lead Judge 3 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.