MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

No Checks On Inputs Potentially Creates Problems

Summary

The lack of checks on the inputs of function createContest() may create several problems.

Vulnerability Details

The lack of checks:

  1. No limit on the array size.

  2. No length equality check, that is, whether players.length == rewards.length

  3. No duplicate checks on players

  4. No minimum and maximum amount of rewards.

  5. No check whether the total amount of rewards equals totalRewards.

The problems that may occur associated with the lack of checks above:

  1. The array Pot::claimants can become so long that a call to function Pot::closePot() may exceed the block gas limit.

  2. A player may not be added due to a lack of rewards data, or vice versa.

  3. A player's existing data will be overwritten by the duplicates.

  4. The reward may be too small or too large. Zero amount also means that there is no reward for the player.

  5. Data inconsistency that may cause Pot::claimCut() to fail due to arithmetic overflow if remainingRewards is less than the total rewards for players. The Pot contract also may not have enough assets to distribute to all players.

Impact

The newly created Pot contract may not work as expected.

Tools Used

Manual review.

Recommendations

Consider adding checks to prevent the mentioned problems from happening.
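
One way to implement the five missing checks, as an added example that is not code from the audited project. The library name, the error names and the three limits are assumptions, and the duplicate check assumes the caller passes players sorted in strictly ascending address order.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: validation for the players/rewards/totalRewards inputs
/// of createContest(). Names and limits are hypothetical, not the project's.
library ContestInputChecks {
    // Assumed cap so loops over the claimants array stay below the block gas limit.
    uint256 internal constant MAX_PLAYERS = 100;
    // Assumed per-player bounds; a zero reward is rejected.
    uint256 internal constant MIN_REWARD = 1;
    uint256 internal constant MAX_REWARD = 1_000_000e18;

    error BadPlayerCount(uint256 length);
    error LengthMismatch(uint256 players, uint256 rewards);
    error UnsortedOrDuplicatePlayer(uint256 index);
    error RewardOutOfRange(uint256 index, uint256 reward);
    error TotalMismatch(uint256 sum, uint256 totalRewards);

    function validate(
        address[] memory players,
        uint256[] memory rewards,
        uint256 totalRewards
    ) internal pure {
        uint256 n = players.length;
        // Check 1: bounded array size (rejecting an empty list is an added assumption).
        if (n == 0 || n > MAX_PLAYERS) revert BadPlayerCount(n);
        // Check 2: every player has exactly one reward entry.
        if (n != rewards.length) revert LengthMismatch(n, rewards.length);

        uint256 sum;
        address prev; // starts at address(0), so a zero-address player is rejected too
        for (uint256 i; i < n; ++i) {
            // Check 3: strictly ascending order rules out duplicates in O(n).
            if (players[i] <= prev) revert UnsortedOrDuplicatePlayer(i);
            prev = players[i];
            // Check 4: per-player minimum and maximum reward.
            if (rewards[i] < MIN_REWARD || rewards[i] > MAX_REWARD) {
                revert RewardOutOfRange(i, rewards[i]);
            }
            sum += rewards[i]; // checked arithmetic reverts on overflow in 0.8.x
        }
        // Check 5: the individual rewards add up to the declared total.
        if (sum != totalRewards) revert TotalMismatch(sum, totalRewards);
    }
}
```

Calling `ContestInputChecks.validate(players, rewards, totalRewards)` at the top of createContest() would make the call revert before a Pot is deployed with inconsistent data.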

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
