Last Man Standing

The `claimThrone()` function allows a player to claim the throne at any time, even after the gracePeriod has expired,

​

because there is no check for whether the current time is still within the valid claiming window.

​

If the intended behavior is to disallow throne claiming after the gracePeriod, then this is a clear logic bug.

​

If the function is intended to allow throne claiming indefinitely, then it's just unclear naming/documentation.

​

-> Vulnerability Details

​

Function Affected: `claimThrone()`

​

Missing Check:

​

```javascript

require(block.timestamp <= lastClaimTime + gracePeriod, "Game: Grace period over");

```

This check is not present, allowing anyone to call claimThrone() regardless of how much time has passed.

​

1. A malicious player can stall the game indefinitely by calling claimThrone() even after the gracePeriod is long over, preventing prize payout or game closure logic.

​

2. If the game is intended to have a winner after grace period ends, this function prevents that finality.

​

3. `finalizeGame()`, if present in your code, might become unusable or meaningless.

​

Add this test to your GameTest.sol file:

​

```javascript

function testClaimThroneAfterGracePeriod_ShouldRevert() public {

vm.prank(player1);

game.claimThrone{value: INITIAL_CLAIM_FEE}();

​

// fast forward beyond grace period

vm.warp(block.timestamp + GRACE_PERIOD + 1);

​

vm.prank(player2);

vm.expectRevert("Game: Grace period over");

game.claimThrone{value: game.getCurrentClaimFee()}(); // assuming this getter exists

}

```

In claimThrone():

​

```javascript

require(block.timestamp <= lastClaimTime + gracePeriod, "Game: Grace period over");

```

​

Add this before updating lastClaimTime and accepting the new claim.

​