Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Same King Can Reclaim Throne Without Paying Extra (No Check for msg.sender != currentKing)

priyankmakwana

Root + Impact

Description:

Normal Behavior:
In a King-of-the-Hill game, each player must pay an increasing fee to claim the throne. Once a player becomes the king, they must wait for someone else to dethrone them — they shouldn't be able to re-claim the throne while already in power.

Issue:
There is no check preventing the current king (msg.sender == currentKing) from calling claimThrone() again. This allows them to:

Artificially extend the timer to avoid being dethroned
Inflate the claim fee unnecessarily
Waste gas for no change in game state

This undermines the competitiveness of the game and opens it up to monopolization by one participant.

// @dev Root cause: missing check on current king

// @ claimThrone()

// No `require(msg.sender != currentKing);` means current king could reclaim without risk

Risk

Likelihood:

The current king can call claimThrone() multiple times, as there is no restriction preventing reclaims.
This can occur any time during the active game, especially when grace period is near expiry.
It's highly likely in real gameplay, especially with bots or high-frequency users.

Impact:

This allows the current king to monopolize the throne.
Other players are discouraged from participating as the claim fee escalates quickly.
The game becomes unfair and may cause reputation or financial damage to the platform.

Proof of Concept

// Pseudo-attack contract

contract KingSpamAttack {

address payable game;

constructor(address _game) {

game = payable(_game);

}

function reclaimThroneMultipleTimes(uint times) external payable {

for (uint i = 0; i < times; i++) {

(bool success, ) = game.call{value: msg.value / times}(

abi.encodeWithSignature("claimThrone()")

);

require(success, "Failed to reclaim throne");

}

Explanation:
This contract allows the current king to repeatedly reclaim the throne and reset the grace period — blocking other players from winning and escalating the claim fee unfairly.

Recommended Mitigation

Explanation:

To ensure fair competition, enforce a check in the claimThrone() function that prevents the current king from reclaiming the throne. This stops them from artificially extending the timer and inflating the claim fee without any gameplay change.

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

//or add inequality in between

Updates

Appeal created

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!