Last Man Standing
First Flight #45
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

The `claimThrone` function incorrectly reverts when a player tries to claim the throne.

minos

Description

The function contains a flawed assertion: require(msg.sender == currentKing, "...");. This condition is logically inverted.

Risk

Impact:
This bug prevents any player from successfully claiming the throne when the game starts. At initialization, currentKing is set to address(0). Since no player can have the address 0x0, the condition msg.sender == currentKing will never be true, causing the transaction to revert with the message "Game: You are already the king. No need to re-claim." This effectively locks the game at launch, making it impossible for anyone to become the first king.

Proof of Concept

  1. Admin deploys the contract.

  2. Player player1 calls the claimThrone function.

  3. Transaction reverts due to the incorrect require statement.

Recommended Mitigation

The condition should be corrected to ensure that a player cannot claim the throne if they are already the king. The fix is to use != instead of ==:

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
Updates

Appeal created

inallhonesty Lead Judge 17 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.