MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Unclaimed Tokens Due to Truncation in Claimant Cut Calculation

brene

Summary

The closePot function in the Pot contract calculates claimantCut using integer division, which can lead to truncation and result in unclaimed tokens. This issue can cause a small amount of tokens to remain undistributed.

Vulnerability Details

The claimantCut calculation in the closePot function uses integer division.

function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
i_token.transfer(msg.sender, managerCut);
>> uint256 claimantCut = (remainingRewards - managerCut) / claimants.length;
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
}

Integer division truncates any remainder, potentially leaving a small number of tokens undistributed.

Impact

A small amount of tokens may remain in the contract, leading to inefficiencies and potential disputes over the remaining balance.

Tools Used

Manual Review

Recommendation

Implement logic to handle any remainder from the division, ensuring all tokens are distributed. For example, consider distributing the remainder to a few claimants or the contract owner.

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Dusty Pot

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.