Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Missing Payout to Previous King

teejay4life

Root + Impact

Missing Payout to Previous King in claimThrone

Description

In the game, when a new player claims the throne, the previous king should receive a portion of the new claim fee as an incentive for holding the throne
However, in the current implementation, although the previousKingPayout variable exists, it is never assigned a value or transferred. As a result, the entire claim fee only funds the platform and the pot — the previous king never gets paid

function claimThrone() external payable gameNotEnded nonReentrant {

uint256 previousKingPayout = 0;

// @> This variable is never updated or paid out

}

Risk

Likelihood:

This happens every time any new player claims the throne while a previous king exists
It is guaranteed to happen because the logic to assign and transfer the payout is entirely missing

Impact:

Previous kings are never rewarded, breaking the core game incentive
This undermines user trust and the economic loop, since players pay to claim the throne but get no payout for being dethroned.
The entire ETH intended for payouts accumulates unfairly in the pot or platform fee.

Proof of Concept

A player claims the throne and becomes king
A new player becomes king but the previous king isn't paid for being the previous king

function test_claimThroneDoesNotPayPrevKing() public {

vm.startPrank(player1);

uint256 claimFee = game.claimFee(); // Ensure player1 sends enough ETH to cover the claim fee

// Player 1 claims the throne

game.claimThrone{value: claimFee}();

assertEq(game.currentKing(), player1, "Player 1 should be the current king");

uint256 balBeforeNextPlayer = player1.balance;

vm.stopPrank();

vm.startPrank(player2);

// Player 2 claims the throne

game.claimThrone{value: claimFee + 0.01 ether}();

uint256 balAfterNextPlayer = player1.balance;

assertEq(game.currentKing(), player2, "Player 2 should be the current king");

assertEq(balAfterNextPlayer, balBeforeNextPlayer, "Player 1 should not receive any ETH from Player 2");

vm.stopPrank();

}

Recommended Mitigation

Add a proper payout percentage for the dethroned king, ensure it is subtracted from the total amount, and securely transfer it

Updates

Appeal created

inallhonesty Lead Judge 14 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Missing Previous King Payout Functionality

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.