Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Platform Fee Defensive Check Is Ineffective

0x00t1

`platformFeesBalance` Defensive Check Is Ineffective

Description

In claimThrone(), the contract implements a defensive check intended to ensure that the platform fee never exceeds the amount remaining after paying the previous king:

uint256 previousKingPayout = 0; // @audit this is set to 0 and never updated

// Defensive check to ensure platformFee doesn't exceed available amount after previousKingPayout

if (currentPlatformFee > (sentAmount - previousKingPayout)) {

currentPlatformFee = sentAmount - previousKingPayout; // <@ still remains 0

}

However, previousKingPayout is always zero in the current implementation, meaning this check never serves its intended purpose.
This leads to one of two outcomes:

The check always passes, making it redundant.
If in the future previousKingPayout is introduced for actual payouts, the current code might behave incorrectly because the logic hasn’t been tested in that context.

Risk

Likelihood:

High in terms of design bug detection — the code path runs every claimThrone() call.

Impact:

Currently, this does not result in a direct financial loss because previousKingPayout is never nonzero.
However, it violates intended design assumptions, which can cause:
- Incorrect fee calculations if previousKingPayout logic is added later.
- Misleading security guarantees since the defensive check appears functional but is effectively dead code.

Proof of Concept

Execution:

function test_PlatformFeeDefensiveCheck_NotTriggered() public {

uint256 sentAmount = INITIAL_CLAIM_FEE; // 0.1 ETH

uint256 expectedPlatformFee = (sentAmount * PLATFORM_FEE_PERCENTAGE) / 100; // 5% of 0.1 ETH

vm.startPrank(player1);

game.claimThrone{value: sentAmount}();

vm.stopPrank();

// Since previousKingPayout is 0, defensive check should NOT trigger

// platformFeesBalance should be the standard % calculation

assertEq(game.platformFeesBalance(), expectedPlatformFee, "Defensive check unexpectedly triggered");

}

Result: The defensive check never activates because previousKingPayout is always zero

Recommended Mitigation

If previousKingPayout is unused, remove both the variable and this check to reduce confusion
Replace the current code with this

if (currentPlatformFee > sentAmount) {

currentPlatformFee = sentAmount;

}

Updates

Appeal created

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Missing Previous King Payout Functionality

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.