Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

`ClaimFee` can be overpaid which cannot be refunded

ksiddharth346

Description

In the claimThrone() function, a user can send more ETH than the required claimFee, but the contract does not refund the excess amount. The entire msg.value is processed and distributed (platform fee + pot), meaning overpayment results in permanent loss of the extra ETH to the game pot or platform, without any notice or refund.

function claimThrone() external payable gameNotEnded nonReentrant {

require(

msg.value >= claimFee,

"Game: Insufficient ETH sent to claim the throne."

);

@> // No check for exact payment — user can send more than `claimFee`

@> // Entire msg.value is processed:

uint256 sentAmount = msg.value;

uint256 currentPlatformFee = (sentAmount * platformFeePercentage) / 100;

...

amountToPot = sentAmount - currentPlatformFee;

@> // Extra amount gets absorbed into the pot — no refund logic

}

Risk

Likelihood:

No user protection: Contract doesn't reject overpayments or refund the difference, and there’s no UI enforcement for sending exactly claimFee.

Impact:

Fund loss: Extra ETH is permanently stuck in the pot.

Proof of Concept

current claimFee = 0.1 ETH.
A user sends 0.2 ETH to claim the throne:
game.claimThrone{value: 0.2 ether}();
No revert occurs — the claim succeeds.
The entire 0.2 ETH is processed:
- 0.01 ETH goes to the platform (5% fee)
- 0.19 ETH goes to the pot
The extra 0.1 ETH is lost from the user's perspective — it was not needed and not refunded.

Recommended Mitigation

Strict Fee Enforcement
Refund Excess ETH

- require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");

+ require(msg.value == claimFee, "Game: Must send exact claim fee.");

Updates

Appeal created

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Overpayment not refunded, included in pot, but not in claim fee

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!