MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Potential Integer Overflow in the `Pot::claimCut` function.

Description: The `Pot::claimCut` function updates the `remainingRewards` by subtracting the reward amount without explicitly checking for underflow. Although Solidity 0.8+ includes built-in overflow and underflow checks, ensuring logic correctness is crucial for clarity and future-proofing the code.

Impact: If there were any logic errors or changes in Solidity's behavior, subtracting a larger reward than `remainingRewards` could lead to an underflow, resulting in incorrect state updates and potentially allowing more rewards to be claimed than available.

Proof of Concept:

```solidity
function claimCut() public {
    address player = msg.sender;
    uint256 reward = playersToRewards[player];
    if (reward <= 0) {
        revert Pot__RewardNotFound();
    }
    playersToRewards[player] = 0;
    remainingRewards -= reward; // Potential underflow if not checked
    claimants.push(player);
    _transferReward(player, reward);
}
```

If `remainingRewards` is less than `reward`, the subtraction would underflow in versions prior to Solidity 0.8. However, in Solidity 0.8+, this would revert automatically.

Recommended Mitigation: Although Solidity 0.8+ handles this automatically, it's a good practice to ensure the logic is clear and robust:

```solidity
require(remainingRewards >= reward, "Insufficient remaining rewards");
remainingRewards -= reward;
```
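
The three behaviours discussed above can be compared side by side in the following added example, which is not code from the submission or from the MyCut code base. `PotModel`, its constructor and the `probe*` helpers are hypothetical names; only the subtraction and the `require` line are taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: minimal stand-in for the subtraction in Pot::claimCut.
/// All names here are hypothetical and exist only for illustration.
contract PotModel {
    uint256 public remainingRewards;

    constructor(uint256 initial) {
        remainingRewards = initial;
    }

    // Same statement as in claimCut: the 0.8+ compiler inserts the check.
    function subChecked(uint256 reward) external {
        remainingRewards -= reward;
    }

    // The mitigation proposed in the submission.
    function subWithRequire(uint256 reward) external {
        require(remainingRewards >= reward, "Insufficient remaining rewards");
        remainingRewards -= reward;
    }

    // Pre-0.8 semantics, reproduced with unchecked: wraps modulo 2**256.
    function subUnchecked(uint256 reward) external {
        unchecked {
            remainingRewards -= reward;
        }
    }

    // Returns the Panic code raised by subChecked, or 0 if it succeeded.
    function probeChecked(uint256 reward) external returns (uint256) {
        try this.subChecked(reward) {
            return 0;
        } catch Panic(uint256 panicCode) {
            return panicCode; // 0x11 = arithmetic overflow/underflow
        }
    }

    // Returns the revert string from subWithRequire, or "" if it succeeded.
    function probeRequire(uint256 reward) external returns (string memory) {
        try this.subWithRequire(reward) {
            return "";
        } catch Error(string memory reason) {
            return reason;
        }
    }
}
```

Deployed with an initial value of 10, `probeChecked(11)` returns `0x11` and `probeRequire(11)` returns the revert string, with `remainingRewards` still 10 in both cases. Only `subUnchecked(11)` changes state, leaving `remainingRewards` at `type(uint256).max`.
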
Updates

Lead Judging Commences

equious Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Other
