Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high
Valid

The lack of `0` address and uniqueness checks for `winners` may result in unexpected situations.

Summary

In `Distributor.sol::_distribute`, the `winners` array should be validated so that it contains neither the `0` address nor duplicate entries. Without these checks, rewards may be distributed repeatedly to the same winner within a single competition, or sent to the `0` address.

Vulnerability Details

  1. From a developer's perspective, there are two scenarios for the competition:

    1. "Scenario 1": Each competition has only one winner.

    2. "Scenario 2": Each competition has multiple winners.

  2. In "Scenario 1", the winner is unique by construction, but a `0` address check is still required. In "Scenario 2", which is Sparkn's case, both a `0` address check and a uniqueness check on the winners are needed.

Impact

  1. During reward distribution in `_distribute`, the missing `0` address check on `winners` may result in rewards being mistakenly sent to the `0` address.

  2. During reward distribution in `_distribute`, the missing uniqueness check on `winners` may result in the same winner receiving rewards more than once in a single competition.

Tools Used

  • Manual Review

Recommendations

  1. Check that every entry in `winners` is unique, so that rewards are not distributed to the same winner more than once.

  2. Check that no entry in `winners` is the `0` address, so that rewards are not sent to the `0` address.
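The following is an added, simplified illustration of both recommendations side by side with the unchecked shape described under Impact. It is not Sparkn's `Distributor.sol`: the contract, the `_distribute` signature (token, `winners`, `percentages`), the `BASIS_POINTS` denominator and the inline `IERC20` interface are all assumed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal ERC20 surface needed for the example (assumed, not the project's import).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Hypothetical distributor used only to illustrate the finding.
contract DistributorExample {
    uint256 public constant BASIS_POINTS = 10_000; // assumed percentage denominator

    error LengthMismatch();
    error ZeroAddressWinner(uint256 index);
    error DuplicateWinner(uint256 firstIndex, uint256 secondIndex);
    error TransferFailed(address to);

    /// Unchecked shape, matching the behaviour described under Impact:
    /// a `winners[i] == address(0)` entry is paid like any other, and an
    /// address that appears twice is paid once per occurrence.
    function _distributeUnchecked(
        IERC20 token,
        address[] memory winners,
        uint256[] memory percentages
    ) internal {
        uint256 total = token.balanceOf(address(this));
        for (uint256 i = 0; i < winners.length; i++) {
            token.transfer(winners[i], (total * percentages[i]) / BASIS_POINTS);
        }
    }

    /// Hardened shape: validate the whole array before the first transfer,
    /// so a bad entry reverts the distribution instead of partially paying out.
    function _distribute(
        IERC20 token,
        address[] memory winners,
        uint256[] memory percentages
    ) internal {
        _checkWinners(winners, percentages);
        uint256 total = token.balanceOf(address(this));
        for (uint256 i = 0; i < winners.length; i++) {
            uint256 amount = (total * percentages[i]) / BASIS_POINTS;
            if (!token.transfer(winners[i], amount)) revert TransferFailed(winners[i]);
        }
    }

    /// Zero-address and uniqueness checks. Winner lists are short, so a pairwise
    /// scan is cheaper than a storage mapping and leaves nothing to clean up.
    function _checkWinners(address[] memory winners, uint256[] memory percentages) internal pure {
        if (winners.length != percentages.length) revert LengthMismatch();
        for (uint256 i = 0; i < winners.length; i++) {
            if (winners[i] == address(0)) revert ZeroAddressWinner(i);
            for (uint256 j = i + 1; j < winners.length; j++) {
                if (winners[i] == winners[j]) revert DuplicateWinner(i, j);
            }
        }
    }

    /// Public entry point for tests: reverts with the specific error on a bad list.
    function validateWinners(address[] calldata winners, uint256[] calldata percentages)
        external
        pure
        returns (bool)
    {
        _checkWinners(winners, percentages);
        return true;
    }
}
```

Calling `validateWinners([a, address(0)], [5000, 5000])` reverts with `ZeroAddressWinner(1)`, and `validateWinners([a, a], [5000, 5000])` reverts with `DuplicateWinner(0, 1)`; a list of distinct non-zero addresses returns `true`. Running the check before any transfer is the important design choice: a revert mid-loop in the unchecked version would leave earlier winners paid and later ones not.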
