The createPool function in the Distribution contract allows the addition of duplicate pools to the pools array without checking if the content is unique. While the function is controlled by the admin, the lack of validation for uniqueness could lead to potential issues if duplicate pools are mistakenly added. This could impact the user experience and introduce confusion in managing and maintaining the pools.
The vulnerability arises from the absence of a check for duplicate content when adding pools using the createPool function. The function appends a new pool to the pools array without verifying if a similar pool already exists.
1 - Duplicate pools may lead to confusion and complexity in managing and maintaining the system. Administrators and developers may find it challenging to debug and modify duplicated pools effectively.
2 - Users interacting with the contract might experience inconsistent behavior if they stake or claim rewards from duplicated pools. This could affect the overall user experience and trust in the system.
Copy and paste the code below into your tests (I am using Foundry).
Run the test via this command: forge test --match-test testCreatePool -vvvv
Test:
Result:
Manual analysis and review.
To enhance the createPool function, add a validation mechanism to check if the array being added is unique.
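One way to implement such a uniqueness check, as an added sketch that is not the project's Distribution code. The Pool fields, the admin check, the poolExists mapping, and the DuplicatePool error are assumptions, since the page does not show the real struct or access control.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's Distribution contract.
// The Pool fields below are assumed; substitute the real struct.
contract DistributionSketch {
    struct Pool {
        uint128 payoutStart;
        uint128 initialReward;
        uint256 minimalStake;
        bool isPublic;
    }

    address public immutable admin;
    Pool[] public pools;

    // keccak256(abi.encode(pool)) => pool with these parameters already exists
    mapping(bytes32 => bool) private poolExists;

    error NotAdmin();
    error DuplicatePool(bytes32 poolHash);

    event PoolCreated(uint256 indexed poolId, bytes32 poolHash);

    constructor() {
        admin = msg.sender;
    }

    function createPool(Pool calldata pool_) external {
        if (msg.sender != admin) revert NotAdmin();

        // abi.encode pads each field to 32 bytes, so two different
        // parameter sets cannot share a preimage (unlike encodePacked).
        bytes32 poolHash = keccak256(abi.encode(pool_));

        // O(1) duplicate check instead of looping over the pools array.
        if (poolExists[poolHash]) revert DuplicatePool(poolHash);

        poolExists[poolHash] = true;
        pools.push(pool_);
        emit PoolCreated(pools.length - 1, poolHash);
    }
}
```

If pool parameters can be changed after creation, the stored hash has to be cleared and re-registered in the same transaction, otherwise the check drifts out of sync with the pools array.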