Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

The previous king receives nothing from the protocol, contrary to what the protocol states, which makes the protocol less trusted

Description

  • The protocol states that the previousKing will get a small portion of the claimFee. This is good for the previousKing, but nothing is ever recorded for the previousKing.

  • In the natspec for Game::claimThrone it says that if there's a previous king, a small portion of the new claim fee is sent to them.


function claimThrone() external payable gameNotEnded nonReentrant {
    .
    .
    .
@>  uint256 previousKingPayout = 0;
    uint256 currentPlatformFee = 0;
    uint256 amountToPot = 0;
    // Calculate platform fee
    currentPlatformFee = (sentAmount * platformFeePercentage) / 100;
    // Defensive check to ensure platformFee doesn't exceed available amount after previousKingPayout
@>  if (currentPlatformFee > (sentAmount - previousKingPayout)) {
@>      currentPlatformFee = sentAmount - previousKingPayout;
@>  }
    .
    .
    .
}

Risk

Likelihood:

  • High, because after the 1st round of the game the protocol should give a small amount to the previous king, and this will always happen.

Impact:

  • The King will be mad because they don't get any share, and they won't use the protocol anymore.

Proof of Concept

  1. Player 1 wins the first round of the game.

  2. The owner resets the game and Player 1 becomes the previous King.

  3. While the 2nd game is ongoing, a lot of players, maybe 1000 of them, join the game.

  4. The previous King thinks he / she will get lots of money because of what the protocol said (the previousKing should get some or a little amount from this game).

  5. The previous King wants to withdraw the share the protocol promised.

  6. The previous King cannot withdraw anything because there's no share at all.

  7. The previous King got scammed.

  8. The previous King is mad.

  9. The previous King tweets about it on X and it goes viral.

  10. The protocol goes bankrupt because the trust from society is gone.


Recommended Mitigation

The protocol should choose between these two options:

  1. Remove the promise to give some amount to the previous king and delete the code, OR

  2. Make the promise a reality in the code.
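
Option 2 above, sketched as an added example that is not part of the original submission or the project's code: the dethroned king is credited a share of each new claim through a pull-payment ledger, following the natspec reading quoted in the Description. The contract name, previousKingPayoutPercentage, pendingPayouts, pot, withdrawPayout and the sample values are assumptions, the modifiers are omitted, and the king check is written with != here; the diff that follows is the submission's own patch for option 1.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a reduced model of the fee split, not the project's Game contract.
// previousKingPayoutPercentage, pendingPayouts, pot and withdrawPayout are hypothetical names.
contract ThroneSplitSketch {
    address public currentKing;
    uint256 public claimFee = 0.1 ether;               // constructed sample value
    uint256 public platformFeePercentage = 5;          // constructed sample value
    uint256 public previousKingPayoutPercentage = 10;  // hypothetical parameter
    uint256 public platformFeesBalance;
    uint256 public pot;
    mapping(address => uint256) public pendingPayouts; // pull-payment ledger

    function claimThrone() external payable {
        require(msg.value >= claimFee, "Insufficient ETH sent");
        require(msg.sender != currentKing, "Already the king");
        uint256 sentAmount = msg.value;

        // Credit the dethroned king instead of leaving the payout fixed at 0.
        uint256 previousKingPayout = 0;
        if (currentKing != address(0)) {
            previousKingPayout = (sentAmount * previousKingPayoutPercentage) / 100;
            pendingPayouts[currentKing] += previousKingPayout;
        }

        // The cap now has something to guard: it fires if both percentages together exceed 100.
        uint256 currentPlatformFee = (sentAmount * platformFeePercentage) / 100;
        if (currentPlatformFee > sentAmount - previousKingPayout) {
            currentPlatformFee = sentAmount - previousKingPayout;
        }
        platformFeesBalance += currentPlatformFee;

        // The remainder goes to the pot, so the three parts always sum to msg.value.
        pot += sentAmount - previousKingPayout - currentPlatformFee;
        currentKing = msg.sender;
    }

    // Pull pattern: a reverting recipient cannot block the next claimThrone call.
    function withdrawPayout() external {
        uint256 amount = pendingPayouts[msg.sender];
        require(amount > 0, "Nothing to withdraw");
        pendingPayouts[msg.sender] = 0; // clear the balance before the external call
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "Transfer failed");
    }
}
```
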

function claimThrone() external payable gameNotEnded nonReentrant {
require(msg.value >= claimFee, "Game: Insufficient ETH sent to claim the throne.");
require(msg.sender == currentKing, "Game: You are already the king. No need to re-claim.");
uint256 sentAmount = msg.value
- uint256 previousKingPayout = 0;
uint256 currentPlatformFee = 0;
uint256 amountToPot = 0;
// Calculate platform fee
currentPlatformFee = (sentAmount * platformFeePercentage) / 100;
// Defensive check to ensure platformFee doesn't exceed available amount after previousKingPayout
- if (currentPlatformFee > (sentAmount - previousKingPayout)) {
- currentPlatformFee = sentAmount - previousKingPayout;
+ if (currentPlatformFee > sentAmount{
+ currentPlatformFee = sentAmount;
}
platformFeesBalance = platformFeesBalance + currentPlatformFee;
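
Review bot: the added line "if (currentPlatformFee > sentAmount{" is missing its closing parenthesis, so the patched function will not compile; it should read "if (currentPlatformFee > sentAmount) {". The context line "uint256 sentAmount = msg.value" is also missing its semicolon. Because currentPlatformFee is computed as (sentAmount * platformFeePercentage) / 100, the rewritten cap can only trigger when platformFeePercentage is above 100, so either drop the check or bound the percentage where it is set. The patch only removes the unused variable (option 1), so the natspec sentence on claimThrone that promises a payout to the previous king has to be deleted in the same change. Separately, the context line that requires msg.sender == currentKing carries the message "You are already the king", which reads as the opposite of the condition and deserves its own look.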
Updates

Appeal created

inallhonesty Lead Judge 29 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing Previous King Payout Functionality