Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Other than the current king no one else can claim the throne

Root + Impact

Description

  • Anyone who pays the claimFee should be able to claim the throne and become the king. Here, however, only the address that is already the current king passes the check, which is wrong.

function claimThrone() external payable gameNotEnded nonReentrant {
    require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");
    // Here the condition should be `msg.sender != currentKing`
    require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
    // ... (rest of the function is not shown in this submission)
}

Risk

Likelihood:

  • The require condition is wrong, so this issue occurs whenever the function is called to claim the throne.

Impact:

  • The first person to claim the throne will be the king throughout the game, which is not the expected behaviour of the game. Anyone who can pay the claimFee should be able to become the king.

Proof of Concept
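
The Foundry test below is an added example, not part of the original submission and not the contest's code. It models only the two `require` checks quoted above in a constructed `ThroneModel` contract; `initialKing`, `useFixedCheck`, the fee value and the two addresses are assumptions made so that both the submitted and the corrected comparison can be exercised.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed model of the two require checks only; NOT the contest's Game contract.
// initialKing and useFixedCheck are hypothetical parameters added for this example.
contract ThroneModel {
    address public currentKing;
    uint256 public immutable claimFee;
    bool public immutable fixedCheck;
    constructor(uint256 fee, address initialKing, bool useFixedCheck) {
        claimFee = fee;
        currentKing = initialKing;
        fixedCheck = useFixedCheck;
    }

    function claimThrone() external payable {
        require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");
        bool isKing = msg.sender == currentKing;
        // Submitted code requires isKing; the corrected check requires !isKing.
        require(fixedCheck ? !isKing : isKing, "Game: You are already the king. No need to re-claim.");
        currentKing = msg.sender;
    }
}

contract ThroneCheckTest is Test {
    uint256 constant FEE = 0.1 ether;
    address constant KING = address(0xA11CE); // constructed addresses
    address constant CHALLENGER = address(0xB0B);
    bytes constant ERR = "Game: You are already the king. No need to re-claim.";

    // Funds `who`, calls claimThrone as `who`, optionally expecting the revert.
    function _claim(ThroneModel game, address who, bool shouldRevert) internal {
        vm.deal(who, FEE);
        vm.prank(who);
        if (shouldRevert) vm.expectRevert(ERR);
        game.claimThrone{value: FEE}();
    }
    function test_OriginalCheck_LocksOutChallenger() public {
        ThroneModel game = new ThroneModel(FEE, KING, false);
        _claim(game, KING, false); // only the sitting king satisfies ==
        _claim(game, CHALLENGER, true); // a paying challenger is rejected
        assertEq(game.currentKing(), KING);
    }
    function test_CorrectedCheck_ThroneChangesHands() public {
        ThroneModel game = new ThroneModel(FEE, KING, true);
        _claim(game, CHALLENGER, false);
        assertEq(game.currentKing(), CHALLENGER);
        _claim(game, CHALLENGER, true); // the new king cannot re-claim
    }
}
```

Run it with `forge test` in a Foundry project that has forge-std installed.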

Recommended Mitigation

Replacing the check with the line below lets other players claim the throne by paying the claimFee.

function claimThrone() external payable gameNotEnded nonReentrant {
require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");
- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
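
Review bot: the changed `require` on the `+` line ships without a regression test, and the Proof of Concept section of this submission is empty. Add one test in which a second address pays `claimFee` and becomes `currentKing`, and one in which the sitting king's repeat call reverts with "Game: You are already the king. No need to re-claim.", so the comparison cannot be inverted again unnoticed. The revert string itself only describes the `!=` condition, which is a useful cue when reviewing checks like this one.
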
Updates

Appeal created

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted
