SNARKeling Treasure Hunt
First Flight #59
Beginner FriendlyGameFiFoundry
100 EXP
View all submissions
Previous Next
Submission Details
Impact: medium
Likelihood: low

Constructor Lacks Minimum Funding Check

Author Revealed upon completion

Root + Impact

Description

  • The constructor accepts any amount of ETH via the payable keyword without validating that the contract receives sufficient funds to cover the expected treasure rewards. The protocol documentation states the contract should be funded with 100 ETH (10 treasures x 10 ETH), but there is no on-chain enforcement of this minimum.

// @>TreasureHunt.constructor()
constructor(address _verifier) payable {
if (_verifier == address(0)) revert InvalidVerifier();
owner = msg.sender;
verifier = IVerifier(_verifier);
paused = false;
// Owner should fund 100 ETH at deployment (10 treasures × 10 ETH).
} //Lacks Minimum Funding Check

Risk

Likelihood:

  • Reason 1: the owner initiates the TreasureHunt contract with less than 100 ETH


Impact:

  • Impact: Contract can be deployed with insufficient funds (e.g., 1 ETH instead of 100 ETH)

  • Early claimants may successfully claim treasures but later claimants find the contract has insufficient balance

  • Creates a "race to claim" dynamic where late participants are denied their expected rewards

  • Damages protocol credibility and trust


Proof of Concept

A owner funds the TreasureHunt contract with 85 Eth.

8 hunters successfully claimed the rewards.

There is no other hunters can successfully claim rewards due to lack of funds.

Recommended Mitigation

Add a minimum funding check in the contract constructor:

constructor(address _verifier) payable {
if (_verifier == address(0)) revert InvalidVerifier();
+ require (msg.value >= REWARD * MAX_TREASURES, "InsufficientFunding");
owner = msg.sender;
verifier = IVerifier(_verifier);
paused = false;
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!