Submission Details
Severity:
Inconsistent Grace Period After Reset
Description:
The owner can update gracePeriod mid-round, but only gracePeriod (not initialGracePeriod) is changed. After resetGame(), gracePeriod reverts to the old initialGracePeriod, ignoring the owner’s update.
Impact:
Confusing UX: Players see a changed grace period one round but revert the next, breaking expectations.
Owner Frustration: Cannot permanently change grace period across rounds.
Proof of Concept: Add the following test to the 'Game.t.sol':
function testResetGracePeriod() public {
// Owner updates gracePeriod to 2 days
vm.prank(deployer);
game.updateGracePeriod(2 days);
assertEq(game.gracePeriod(), 2 days);
// Would need to fix the contract first (incorrect king validation logic), but this demonstrates the vulnerability
// player1 becomes king
vm.prank(player1);
game.claimThrone{value: INITIAL_CLAIM_FEE}();
// Simulate end of game
vm.warp(block.timestamp + 3 days);
// Declare and reset
game.declareWinner();
vm.prank(deployer);
game.resetGame();
// Grace period has reverted to original 1 day
assertEq(game.gracePeriod(), 1 days);
}
Mitigation:
Also update initialGracePeriod:
function updateGracePeriod(uint256 _newGracePeriod) external onlyOwner {
require(_newGracePeriod > 0, "Game: New grace period must be greater than zero.");
+ initialGracePeriod = _newGracePeriod;
emit GracePeriodUpdated(_newGracePeriod);
}
Updates
Appeal created
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
Grace period upgrade is not persistent after reset.
Rewards breakdown
nSLOC
181This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.