This repository has been archived by the owner on May 5, 2024. It is now read-only.
klaus - _killWoundedAgents - re-wounded healed agent die when ROUNDS_TO_BE_WOUNDED_BEFORE_DEAD passed because of not checking woundedAt #21
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
klaus
high
_killWoundedAgents - re-wounded healed agent die when ROUNDS_TO_BE_WOUNDED_BEFORE_DEAD passed because of not checking woundedAt
Summary
If an agent healed is wounded again, the agent will die from the previous wound that was healed. The user spends LOOKS tokens to heal and success to heal, but as the result, the agent will die.
Vulnerability Detail
The
_killWoundedAgents
function only checks the status of the agent, not when it was wounded.So when
fulfillRandomWords
kills agents that were wounded and unhealed at roundcurrentRoundId - ROUNDS_TO_BE_WOUNDED_BEFORE_DEAD
, it will also kill the agent who was healed and wounded again after that round.Also, since
fulfillRandomWords
first draws the new wounded agents before kills agents, in the worst case scenario, agent could die immediately after being wounded in this round.This is the PoC test code. You can add it to the Infiltration.fulfillRandomWords.t.sol file and run it.
Impact
The user pays tokens to keep the agent alive, but agent will die even if agent success to healed. The user has lost tokens and is forced out of the game.
Code Snippet
https://github.com/sherlock-audit/2023-10-looksrare/blob/86e8a3a6d7880af0dc2ca03bf3eb31bc0a10a552/contracts-infiltration/contracts/Infiltration.sol#L1489
https://github.com/sherlock-audit/2023-10-looksrare/blob/86e8a3a6d7880af0dc2ca03bf3eb31bc0a10a552/contracts-infiltration/contracts/Infiltration.sol#L1130-L1143
Tool used
Manual Review
Recommendation
Check woundedAt at
_killWoundedAgents
The text was updated successfully, but these errors were encountered: