Last Man Standing
First Flight #45
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Incorrect King Validation in `claimThrone`

jufel

Description:
In the claimThrone function, the contract checks

require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

instead of verifying the caller is not the current king. This inverted logic makes it impossible for any new player to claim the throne, since currentKing starts as address(0) and no regular msg.sender will ever equal that value.

Impact: This vulnerability completely breaks the game functionality, preventing any player from claiming the throne after the first claim, effectively making the game unplayable.

  • Denial of Service: No one can ever become king (and thus the game never starts).

  • Game Lock: The pot never grows, and declareWinner can never be called because currentKing remains address(0).

Proof of Concept: Add the following test to the 'Game.t.sol':

function testNewPlayerCannotClaim() public {
// Player tries to claim throne but fails due to inverted logic
vm.prank(player1);
vm.expectRevert("Game: You are already the king. No need to re-claim.");
game.claimThrone{value: INITIAL_CLAIM_FEE}();
}

Mitigation:
Change the check to require the caller is not the current king:

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
Updates

Appeal created

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!