MyCut

First Flight #23
Submission Details
Severity: high
Valid

Possible for funds to be remaining in the POT contract which cannot be removed

Details

    function closePot() external onlyOwner {
        if (block.timestamp - i_deployedAt < 90 days) {
            revert Pot__StillOpenForClaim();
        }
        if (remainingRewards > 0) {
            uint256 managerCut = remainingRewards / managerCutPercent;
            i_token.transfer(msg.sender, managerCut);
            // Share is computed by dividing by the number of players...
            uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
            // ...but it is paid out only to those who claimed.
            for (uint256 i = 0; i < claimants.length; i++) {
                _transferReward(claimants[i], claimantCut);
            }
        }
    }

Pot::closePot uses i_players.length to calculate claimantCut, whereas it uses claimants.length to loop and make transfers to the claimants. The implication is that when not all the players have claimed, there will be dust funds stuck in the contract.

For example, given the values:
(remainingRewards - managerCut) = 110 - 10 = 100
i_players.length = 6
claimants.length = 5

In the simple scenario above, the amount to be shared among the claimants is 100, but each share is computed as 100 / 6 = 16 (rounded down by Solidity) and paid to 5 people, so the amount distributed is 16 * 5 = 80. That leaves a clear difference of 20, which will be stuck in the contract.

Impact

Possible to enter claimCut after the Pot has been closed if there are enough funds for that particular player / funds stuck in the contract.

Tool Used

Manual Review

Recommendation

Calculate claimantCut using claimants.length since the goal is to share the remaining funds between the claimants.
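
The arithmetic from the example and the recommendation above, as an added Python model (not code from the contest repository or this submission). The function and parameter names are hypothetical, and manager_cut_percent = 11 is a constructed value chosen so that managerCut = 10 as in the example. It goes slightly beyond the report by also covering the case where nobody claimed, where dividing by claimants.length would revert.

```python
# Added model of the payout arithmetic in Pot::closePot (not the contract's code).
# Solidity uint256 division truncates; Python's // matches it for non-negative ints.

def close_pot(remaining_rewards, manager_cut_percent, n_players, n_claimants,
              divide_by_claimants):
    """Return (manager_cut, claimant_cut, stranded) for one closePot() call.

    divide_by_claimants=False models the reported code (divisor i_players.length).
    divide_by_claimants=True models the recommendation (divisor claimants.length).
    """
    if remaining_rewards == 0:
        return (0, 0, 0)  # the contract skips the whole branch
    manager_cut = remaining_rewards // manager_cut_percent
    divisor = n_claimants if divide_by_claimants else n_players
    if divisor == 0:
        # Solidity reverts on division by zero, so closePot() could not complete.
        raise ZeroDivisionError("closePot() would revert: divisor is zero")
    claimant_cut = (remaining_rewards - manager_cut) // divisor
    paid = claimant_cut * n_claimants  # the loop runs over claimants only
    stranded = remaining_rewards - manager_cut - paid
    return (manager_cut, claimant_cut, stranded)


if __name__ == "__main__":
    # Constructed inputs reproducing the report's numbers: 110 remaining, 6 players, 5 claimants.
    print("reported code:", close_pot(110, 11, 6, 5, divide_by_claimants=False))
    print("recommendation:", close_pot(110, 11, 6, 5, divide_by_claimants=True))
    # Truncation still leaves dust when the pool is not divisible by the claimant count.
    print("rounding dust:", close_pot(110, 11, 6, 3, divide_by_claimants=True))
    # With zero claimants the recommended divisor is zero and needs an explicit guard.
    try:
        close_pot(110, 11, 6, 0, divide_by_claimants=True)
    except ZeroDivisionError as exc:
        print("no claimants:", exc)
```
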

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect distribution in closePot()
