The normal behavior of the declareWinner()
function is to allow anyone to end the game and award the pot to the current king once the grace period has expired.
However, the function lacks a nonReentrant
modifier and any caller-specific cooldown mechanism. As a result, a malicious actor can deploy a contract that programmatically front-runs the grace period check, repeatedly calling claimThrone()
followed immediately by declareWinner()
until timing lines up, effectively forcing an early win or stalling the game.
Likelihood:
This is likely in bot-driven environments where users can deploy smart contracts to programmatically interact with claimThrone()
and time declareWinner()
to force early ends.
This could also be exploited during low player activity, where an attacker can narrowly time transactions around grace period expiration.
Impact:
Premature game-ending grants unfair rewards to the attacker.
This may cause loss of player trust and manipulation of on-chain game analytics.
Optionally add additional safeguards:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.