ClosePot Function Does Not Distribute Remaining Rewards Correctly
Summary
In the declared functionality, we have the following requirement:
"... the manager takes a cut of the remaining pool, and the remainder is distributed equally to those who claimed in time."
However, in 'Pot::closePot', the distribution of the remaining rewards is not correct because claimantCut is calculated using i_players.length.
Vulnerability Details
In 'Pot::closePot', we have the following line:
This distributes the remaining rewards among all registered players, not just among the claimants, as it should.
Impact
Since the division is done among all existing players and not just the claimants, the transferReward function will only send a portion of the rewards to the claimants. The rest of the funds will be locked in the pot contract forever since the owner has no mechanism to withdraw the remaining funds.
Tools Used
Manual analysis.
Recommendations
The claimantCut should be divided by claimants.length instead:
Lead Judging Commences
Incorrect distribution in closePot()
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.