[H-1] No one can claim the throne due to incorrect logic in `Game::claimThrone` function
[H-1] No one can claim the throne due to incorrect logic in Game::claimThrone function
Description:
The function Game::claimThrone is intended to allow any participant to join the game and claim the throne by sending a value greater than or equal to the claimFee. However, due to the following line:
No one can actually claim the throne. This check incorrectly requires the caller to already be the king, which makes the function revert for anyone trying to claim the throne due to the currentKing is still address(0).
Impact:
-
No participant can ever claim the throne.
-
The core functionality of the game is completely broken.
-
The contract becomes unusable.
Proof of Concept: Add this function into your Game.t.sol file:
This test will fail even though player1 should be able to claim the throne, proving the faulty logic.
Root Cause:
The contract expects the sender to be the address(0), which contradicts the intended logic. When the game starts, currentKing is address(0), so no real user can match that.
Recommended Mitigation: Change this in your Game::claimThrone function :
Appeal created
Game::claimThrone `msg.sender == currentKing` check is busted
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.