Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: low

Invalid

The `updatePlatformFeePercentage` function lacks a modifier, allowing direct parameter changes while the throne claim is still ongoing.

minos

Description

The updatePlatformFeePercentage function lacks a modifier, enabling the owner to directly modify the platform fee percentage even while the throne claim game is still active.

Risk

Impact:

During normal player participation, if the admin can arbitrarily change the fee percentage, it becomes unfair to the player who will eventually win.
As the game progresses, an increased platform fee reduces the amount added to the pot per claim, slowing down prize accumulation and diminishing the final reward for the winner.

Proof of Concept

This verification assumes the claimThrone function has already fixed the following two issues:
1. Correct initial check: require(msg.sender != currentKing, "Game: You are already the king. No need to re-claim.");
2. Proper handling of the previous king's reward: uint256 previousKingPayout = (sentAmount * previousKngFeePercentage) / 100;
Admin deploys the contract.
Player player1 pays the claim fee and calls claimThrone.
Player player2 pays the claim fee and calls claimThrone.
Admin calls updatePlatformFeePercentage to increase the platform fee.
Player player1 pays the claim fee and calls claimThrone, contributing less to the pot due to the higher fee.
Player player2 pays the claim fee and calls claimThrone, also contributing less to the pot.

Recommended Mitigation

Simply add the gameEndedOnly modifier to the updatePlatformFeePercentage function, restricting the admin to only update the fee percentage after the game has ended:

/**

* @dev Allows the contract owner to update the platform fee percentage.

* @param _newPlatformFeePercentage The new platform fee percentage (0-100).

function updatePlatformFeePercentage(uint256 _newPlatformFeePercentage)

external

onlyOwner

+ gameEndedOnly

isValidPercentage(_newPlatformFeePercentage)

{

platformFeePercentage = _newPlatformFeePercentage;

emit PlatformFeePercentageUpdated(_newPlatformFeePercentage);

}

Updates

Appeal created

inallhonesty Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.