MyCut

First Flight #23

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Incorrect Calculation of Claimant’s Share `Pot::claimantCut` in `Pot::closePot` Function

Dec3mber

Summary

The Pot::closePot function incorrectly calculates the share of rewards to be distributed to claimants. Instead of dividing the remaining rewards by the number of actual claimants, it incorrectly uses the total number of players. This mistake could lead to an inaccurate distribution of rewards, where claimants receive less than they are entitled to.

Vulnerability Details

In the Pot::closePot function, the calculation of each claimant's share is incorrectly performed using the total number of players Pot::i_players.length rather than the actual number of claimants Pot::claimants.length:

uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;

Impact

Underpayment to Claimants: The incorrect calculation can result in claimants receiving less than they are entitled to.
Residual Rewards: The miscalculation could leave residual rewards in the contract, creating an inconsistency where not all funds are correctly distributed or claimed.

Tools Used

Manual Review

Recommendations

Correct the calculation in the Pot::closePot function to ensure that rewards are distributed based on the actual number of claimants:

function closePot() external onlyOwner {

if (block.timestamp - i_deployedAt < 90 days) {

revert Pot__StillOpenForClaim();

}

if (remainingRewards > 0) {

uint256 managerCut = remainingRewards / managerCutPercent;

i_token.transfer(msg.sender, managerCut);

- uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;

+ uint256 claimantCut = (remainingRewards - managerCut) / claimants.length;

for (uint256 i = 0; i < claimants.length; i++) {

_transferReward(claimants[i], claimantCut);

}

This change ensures that only those who have actually claimed their rewards are considered in the distribution, leading to a fair and accurate allocation of the remaining rewards.

Updates

Lead Judging Commences

equious Lead Judge 12 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Incorrect distribution in closePot()

Rewards breakdown

nSLOC

106

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.