Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Player cannot join the game because `Game::claimThrone` have a wrong equation check, makes the protocol useless

vegazeronos

Player cannot join the game because `Game::claimThrone` have a wrong equation check, makes the protocol useless

Description

Player who wants to join the game should use Game::claimThrone and the player cannot be the king if they want to join the game.
Sadly, the require check should be checking if the player is the Current King. But it is not Checking right. The current checking is using a wrong equation which lead to everybody cannot use the protocol

function claimThrone() external payable gameNotEnded nonReentrant {

require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");

@> require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

Risk

Likelihood:

Everytime player want to join the game, they cannot

Impact:

Everyone cannot join the game because of this wrong equation, the game cannot run even at the beginning
The protocol cannot run even at the start of their launch

Proof of Concept

Player 1 want to join the game
Sadly, he / she cannot join because of the wrong equation

function test_firstPlayerCannotJoin() public {

vm.startPrank(player1);

uint256 claimAmount = game.claimFee();

vm.expectRevert();

game.claimThrone{value: claimAmount}();

vm.stopPrank();

}

Recommended Mitigation

Please consider to change the equation from require(msg.sender == currentKing...) into this code require(msg.sender != currentKing...)

function claimThrone() external payable gameNotEnded nonReentrant {

require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

Updates

Appeal created

inallhonesty Lead Judge 28 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Game::claimThrone `msg.sender == currentKing` check is busted

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Last Man Standing

Player cannot join the game because `Game::claimThrone` have a wrong equation check, makes the protocol useless

Player cannot join the game because Game::claimThrone have a wrong equation check, makes the protocol useless

Description

Risk

Proof of Concept

Recommended Mitigation

Appeal created

Game::claimThrone `msg.sender == currentKing` check is busted

Rewards breakdown

Live

Judging

Appeals

Appeals Review

Rewards Distribution

FAQs

Player cannot join the game because `Game::claimThrone` have a wrong equation check, makes the protocol useless