Dependency on distributeAssets Function for Reward Allocation in claimRewards Function
Summary
The claimRewards function in the smart contract is designed to allow users to claim their rewards. However, it relies solely on the distributeAssets function to update the rewards mapping. If distributeAssets is not called, users will perpetually have zero rewards, rendering claimRewards ineffective.
Vulnerability Details
The rewards mapping, which tracks the reward amounts for users, is only updated when the distributeAssets function is executed. This design creates a dependency wherein users can only claim rewards if distributeAssets has been previously called and has allocated rewards to them. If, for any reason, distributeAssets is not called or fails to execute properly, the rewards mapping will not be updated, leading to a scenario where users are unable to claim any rewards despite their expectations or entitlements based on their participation or holdings.
Impact
The reliance on a separate function to populate the rewards creates a potential point of failure, where issues in distributeAssets directly affect the claimRewards functionality.
Tools Used
Manual review
Recommendations
Implement a mechanism where rewards are distributed automatically at regular intervals or based on specific contract interactions, reducing reliance on the manual invocation of distributeAssets.
Lead Judging Commences
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.