MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Lack of Duplicate Check for `claimants` Array

brene

Summary

The Pot contract does not include checks to prevent duplicate entries in the claimants array. This oversight can lead to incorrect reward distribution calculations, as the length of the claimants array is used in the claimantCut calculation.

Vulnerability Details

The claimCut function adds players to the claimants array without checking for duplicates.

function claimCut() public {
address player = msg.sender;
uint256 reward = playersToRewards[player];
if (reward <= 0) {
revert Pot__RewardNotFound();
}
playersToRewards[player] = 0;
remainingRewards -= reward;
>> claimants.push(player);
_transferReward(player, reward);
}

Duplicate entries in the claimants array can inflate its length, leading to incorrect calculations of claimantCut in the closePot function.

Impact

The presence of duplicate claimants can result in an inaccurate claimantCut calculation, leading to unfair distribution of rewards.

Tools Used

Manual Review

Recommendation

Before adding a player to the claimants array, check if they are already present to prevent duplicates. Use a mapping to track whether a player has already been added to the claimants array.

Updates

Lead Judging Commences

equious Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!