Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: low

Invalid

Owner can manipulate game outcome through dynamic grace period changes

anchabadze

Description:

The updateGracePeriod() function allows the owner to modify the grace period at any time during an active game, without any restrictions or timelock mechanisms. This creates a critical governance vulnerability where the owner can manipulate game outcomes to their advantage.

function updateGracePeriod(uint256 _newGracePeriod) external onlyOwner {

require(_newGracePeriod > 0, "Game: New grace period must be greater than zero.");

gracePeriod = _newGracePeriod;

emit GracePeriodUpdated(_newGracePeriod);

}

The function lacks any checks for:

Whether the game is currently active
Whether the current grace period has already expired
Any minimum/maximum bounds on the new grace period
Any timelock or delay mechanisms

Attack path:

Scenario 1 - Delaying winner declaration:

Game is active with King A, grace period is 24 hours
23 hours pass, King A is about to win
Owner calls updateGracePeriod(86400 * 365) (1 year)
King A's victory is indefinitely delayed

Scenario 2 - Forcing immediate winner:

Game is active with multiple players competing
Owner's preferred player becomes king
Owner calls updateGracePeriod(1) (1 second)
Owner immediately calls declareWinner() to fix their preferred winner

Scenario 3 - Post-expiry manipulation:

Grace period expires, King A should win
Before anyone calls declareWinner(), owner increases grace period
More players can claim throne, changing the rightful winner

Impact:

Owner can arbitrarily decide game winners regardless of legitimate gameplay

PoC:

Change this line in claimThore() for sucessful test run

- require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");

+ require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");

Put this into Game.t.sol file and run forge test --mt testOwnerCanChangeGracePeriodWhenGameIsActive -vvv

function testOwnerCanChangeGracePeriodWhenGameIsActive() public {

vm.prank(player1);

game.claimThrone{value: INITIAL_CLAIM_FEE}();

vm.warp(block.timestamp + GRACE_PERIOD + 1 hours);

console2.log("Grace period is over. Player 1 should be the winner");

vm.prank(deployer);

game.updateGracePeriod(2 days);

vm.expectRevert();

game.declareWinner();

}

Recommended Mitigation:

Restrict updates during active games:

function updateGracePeriod(uint256 _newGracePeriod) external onlyOwner gameEndedOnly {

require(_newGracePeriod > 0, "Game: New grace period must be greater than zero.");

initialGracePeriod = _newGracePeriod; // Only update for next round

emit GracePeriodUpdated(_newGracePeriod);

}

Updates

Appeal created

inallhonesty Lead Judge 29 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.