Bad interface function implementation
Summary
The vulnerability in the FeeDistribution interface is that the Staking contract is not correctly implementing the inherited claim() function.
The problem is the following:
The FeeDistribution interface defines the claim(address) function that must be implemented by contracts that inherit it.
The Staking contract inherits from FeeDistribution but does not implement the claim(address) function as defined in the interface.
Instead, Staking implements a different claim() function, which does not receive an address parameter.
Vulnerability Details
In short, it is a design vulnerability not to follow the interface standard, which can lead to errors and incompatibilities.
Impact
This can lead to the following problems:
Any contract attempting to call claim(address) on an instance of Staking will receive an error, as the function does not exist.
The reward claiming logic in Staking is completely different from what any other contract would expect when inheriting FeeDistribution.
The advantage of using a standardised interface is lost, as Staking does not follow the standard.
Tools Used
Manual review
Recommendations
To fix this, Staking should implement the claim(address) function as defined in the FeeDistribution interface:
This ensures that the contract is compatible with others using the FeeDistribution interface and the standardised claim logic can be reused.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.