search

code-423n4 / 2024-02-ai-arena-findings

4 stars 3 forks source link

Certain features of Game Items are not updateable and might lead to some DOS #1397

Closed c4-bot-9 closed 8 months ago

c4-bot-9 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/GameItems.sol#L39

Vulnerability details

Impact

GameItems contract allows admin to create game items that can be minted by players for certain fee. Game items attributes include:

    /// @notice Struct for game item attributes
    struct GameItemAttributes {
        string name;
        bool finiteSupply;
        bool transferable;
        uint256 itemsRemaining;
        uint256 itemPrice;
        uint256 dailyAllowance;
    }

Although createGameItem primarily serves as an administrative function, unforeseen circumstances may arise where the initially set values no longer align with the current constraints, necessitating updates.

For instance, battery is set to be the first item to be created by the admin, and from test file, it was set to be finite in supply, so it will have a limited supply. The problem here is that there might be a need to increase the supply when the game gains massive adoption. Items like battery cannot be re-created due to the way it is being used to refill voltage; here

    function useVoltageBattery() public {
        ...
        require(_gameItemsContractInstance.balanceOf(msg.sender, 0) > 0);
        _gameItemsContractInstance.burn(msg.sender, 0, 1);
        ...

If the battery item gets exhausted, the function above will not be available, and there will be no way to make it work since it already relies on item with id of 0 which will be created first in GameItems.sol.

Proof of Concept

If the initial allGameItemAttributes[tokenId].itemsRemaining was set to 100,000,000. with 100_000 active users using up a dailyAllowance of 10, it will take only 100days for the useVoltageBattery() to be no longer available for users who don't have any battery.

        require(
            dailyAllowanceReplenishTime[msg.sender][tokenId] <= block.timestamp || 
            quantity <= allowanceRemaining[msg.sender][tokenId]
        );

Tools Used

Manual review.

Recommended Mitigation Steps

Implement a function callable by admins to update crucial attributes like itemsRemaining when necessary.

Assessed type

DoS

c4-pre-sort commented 8 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as duplicate of #1101

c4-judge commented 8 months ago

HickupHH3 changed the severity to QA (Quality Assurance)