MyCut

First Flight #23

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Players can claim rewards even after the 90 days limit - possible when the manager has not yet distributed the rewards

hawksvision

Summary

It is specified in the contract logic that the players are allowed to withdraw the rewards only during the 90 days timeline but it's possible for players to withdraw amount even after the 90 days interval.

Vulnerability Details

Due to the lack of any check in function claimCut() for whether the time to claim has elapsed,the players are able to withdraw the rewards whenever they want.This is different from the specified logic of the contract.

Impact

Since the players can claim after the specified interval, the players who claimed within the specified time will not be receiving additional rewards they are supposed to receive. The unclaimed amount after the time period is now claimed by the players but it should have been split between the users who claimed in time.

Proof Of Concept

function testClaimAfter90() public mintAndApproveTokens {

vm.startPrank(user);

rewards = [500, 500];

totalRewards = 1000;

contest = ContestManager(conMan).createContest(players, rewards, IERC20(ERC20Mock(weth)), totalRewards);

ContestManager(conMan).fundContest(0);

vm.stopPrank();

vm.startPrank(player1);

Pot(contest).claimCut();

vm.stopPrank();

uint256 claimantBalanceBefore = ERC20Mock(weth).balanceOf(player1);

vm.warp(91 days);

uint256 playerBalanceBefore = ERC20Mock(weth).balanceOf(player2);

vm.startPrank(player2);

Pot(contest).claimCut();

vm.stopPrank();

uint256 playerBalanceAfter = ERC20Mock(weth).balanceOf(player2);

assert(playerBalanceAfter > playerBalanceBefore);

}

Tools Used

-> Manual review

-> Foundry

Recommendations

Add a time check in the claimCut() function, It can be something similar to the below code

function claimCut() public {

if (block.timestamp - i_deployedAt > 90 days) {

revert Pot__TimeElapsed();

}

address player = msg.sender;

uint256 reward = playersToRewards[player];

if (reward <= 0) {

revert Pot__RewardNotFound();

}

playersToRewards[player] = 0;

remainingRewards -= reward;

claimants.push(player);

_transferReward(player, reward);

}

Updates

Lead Judging Commences

equious Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Appeal created

hawksvision Submitter

10 months ago

equious Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

106

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.