Submission Details
Impact:
Likelihood:
Potential Integer Overflow in Fee Calculations
Description:
The fee for each new claim is updated via
claimFee = claimFee + (claimFee * feeIncreasePercentage) / 100;
If many claims occur with a high feeIncreasePercentage, this multiplication can overflow and revert, halting the game.
Impact:
Denial of Service: Once an overflow occurs, no further claims can be made.
Locked Pot: The game becomes unplayable, and funds sit idle.
Proof of Concept:
function testPotentialFeeOverflow() public {
// Deploy with high initial fee and increase percentage
vm.prank(deployer);
Game overflowGame = new Game(
type(uint256).max / 2, // Very high initial fee
GRACE_PERIOD,
100, // 100% increase each time
PLATFORM_FEE_PERCENTAGE
);
// This would eventually overflow if the logic was fixed and multiple claims were made
uint256 currentFee = overflowGame.claimFee();
// Calculate what would happen after fee increase
uint256 nextFee = currentFee + (currentFee * 100) / 100; // 100% increase
// This demonstrates the potential for overflow
assertGt(nextFee, currentFee); // Would fail if overflow occurred
}
Mitigation:
Impose an upper cap on
claimFeeto prevent overflows.Use a checked-math pattern or revert with a clear error when
claimFeewould exceed a safe maximum.Alternatively, switch to a fixed-increment model rather than percentage growth.
Rewards breakdown
nSLOC
181This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.