Last Man Standing
First Flight #45
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Missing Previous King Payout Implementation

jufel

Description:
The code declares a previousKingPayout variable intended to reward the outgoing king, but never assigns or transfers it. As a result, no portion of a new claim fee is ever paid out to the dethroned king, violating the intended game economics.

Impact:

  • Economic Incentive Broken: Kings never receive their promised payout, undermining player trust.

  • Unfair Gameplay: Only the eventual winner gets a reward, making intermediate “king” status unprofitable.

Proof of Concept: Add the following test to the 'Game.t.sol':

function testPreviousKingNeverReceivesPayout() public {
// Would need to fix the contract first (incorrect king validation logic), but this demonstrates the missing payout
// player1 becomes king
vm.prank(player1);
game.claimThrone{value: INITIAL_CLAIM_FEE}();
// player2 dethrones player1
vm.prank(player2);
// This would fail due to inverted logic, but if fixed, player1 still gets no payout
game.claimThrone{value: game.claimFee()}();
// player1 should have pending winnings > 0, but does not
assertEq(game.pendingWinnings(player1), 0);
}

Mitigation:
Implement proper calculation and transfer of previous king payout within the claimThrone() function:

// Calculate payout to previous king
if (currentKing != address(0)) {
uint256 previousKingPayout = (sentAmount * previousKingPercentage) / 100;
pendingWinnings[currentKing] += previousKingPayout;
amountToPot = sentAmount - currentPlatformFee - previousKingPayout;
} else {
amountToPot = sentAmount - currentPlatformFee;
}
Updates

Appeal created

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing Previous King Payout Functionality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!