From eb902ee53435a2df78023a21a070ef8a511b97b3 Mon Sep 17 00:00:00 2001
From: truthixify
Date: Fri, 5 Sep 2025 22:50:27 +0100
Subject: [PATCH 1/2] added missing input validation in use_ability
---
 contract/src/models/wave.cairo | 4 ++--
 contract/src/systems/game.cairo | 19 ++++++++++++++++++-
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/contract/src/models/wave.cairo b/contract/src/models/wave.cairo
index 48366e9..7edf84b 100644
--- a/contract/src/models/wave.cairo
+++ b/contract/src/models/wave.cairo
@@ -144,7 +144,7 @@ pub impl WaveImpl of WaveSystem {
 // Aallow spawns if timestamps are the same or progressed
 if current_timestamp == *self.last_spawn_tick {
- return true;
+ return true;
 }
 current_timestamp >= *self.last_spawn_tick + (*self.tick_interval).into()
@@ -200,7 +200,7 @@ pub impl WaveImpl of WaveSystem {
 fn get_current_timestamp() -> u64 {
 let timestamp = get_block_timestamp();
 if timestamp == 0 {
- 1000_u64
+ 1000_u64
 } else {
 timestamp
 }
diff --git a/contract/src/systems/game.cairo b/contract/src/systems/game.cairo
index a3a41b3..624332b 100644
--- a/contract/src/systems/game.cairo
+++ b/contract/src/systems/game.cairo
@@ -78,8 +78,13 @@ pub mod brawl_game {
 let current_timestamp = get_block_timestamp();
 let player_system_dispatcher = self.player_system_dispatcher();
+ // Check if the player exists
 let player: Player = world.read_model(caller);
+ assert(!player.is_zero(), 'Player does not exist');
+
+ // Check if the ability exists
 let ability: Ability = world.read_model(ability_id);
+ assert(ability.is_non_zero(), 'Ability not found');
 // Gather validation data
 let player_level = player.level;
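Review bot: The two existence checks added in the `@@ -78,8 +78,13 @@` hunk are only as strong as the `is_zero()` implementations for `Player` and `Ability`, which are not visible here. If `world.read_model` returns a default-initialised model with its key field populated for a missing entry, and `is_zero()` compares every field including that key, then `assert(!player.is_zero(), 'Player does not exist')` passes for an unregistered caller and the guard is vacuous. Confirm that the zero test looks at a field that is only set when the record is created, and add a test that calls `use_ability` from an unregistered address and with an unknown `ability_id`. For consistency the two checks should be written the same way, e.g. `assert(player.is_non_zero(), 'Player does not exist');`. The body of `use_ability` starts and ends outside this hunk.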
@@ -91,12 +96,21 @@ pub mod brawl_game {
 .has_ability_equipped(caller, ability_id.into());
 let is_target_valid = self.validate_target(target_id);
+ // Validate ability requirements using AbilityTrait::validate
+ ability.validate(player_level, player_mana);
+
+ // Additional validations
+ assert(is_player_alive, 'Player not alive');
+ assert(is_ability_equipped, 'Ability not equipped');
+ assert(current_timestamp >= cooldown_until, 'Ability on cooldown');
+ assert(is_target_valid, 'Invalid target');
+
 // Create usage context
 let context = AbilityUsageContext {
 ability_id: ability_id.into(), caster: caller, target: target_id, current_timestamp,
 };
- // Process the ability usage
+ // Process ability usage
 let usage_result = ability
 .process_usage(
 context,
@@ -119,6 +133,9 @@ pub mod brawl_game {
 target_id,
 is_target_valid,
 );
+
+ // Update player state
+ world.write_model(@player);
 }
 fn take_damage(ref self: ContractState, amount: u32) {
From d3b1da6e1ca28091ed6ac5fd66f29f91e67841d6 Mon Sep 17 00:00:00 2001
From: truthixify
Date: Fri, 5 Sep 2025 23:00:41 +0100
Subject: [PATCH 2/2] made some changes according to code rabbit review
---
 contract/src/systems/game.cairo | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/contract/src/systems/game.cairo b/contract/src/systems/game.cairo
index 624332b..e192e9c 100644
--- a/contract/src/systems/game.cairo
+++ b/contract/src/systems/game.cairo
@@ -133,9 +133,6 @@ pub mod brawl_game {
 target_id,
 is_target_valid,
 );
-
- // Update player state
- world.write_model(@player);
 }
 fn take_damage(ref self: ContractState, amount: u32) {
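Review bot: In the `@@ -91,12 +96,21 @@` hunk, `ability.validate(player_level, player_mana);` is a bare statement, so it enforces anything only if `validate` panics on failure, and its definition is not visible here. If it returns a `bool` or another result value, that value is dropped and an ability could be used below its level or mana requirement; in that case wrap the call, e.g. `assert(ability.validate(player_level, player_mana), 'Ability requirements not met');`. The new asserts also mean `is_player_alive`, `is_ability_equipped` and `is_target_valid` are always true in the code that follows them. If they are still passed on to `process_usage`, a comment such as `// Flags are guaranteed true by the asserts above; kept for the process_usage signature` would stop a later reader from assuming the failure paths are still handled there. `use_ability` starts and ends outside this hunk.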