MyCut

First Flight #23
Beginner Friendly, Foundry
Submission Details
Severity: high
Valid

Pot: closePot distributes remaining rewards wrong

Summary

The function closePot distributes the remaining rewards of the users who did not claim to the users who claimed their rewards. But the calculation is wrong, resulting in either overdistribution, in which case the call reverts, or too little being distributed, so that some funds stay in the pot.

Vulnerability Details

    // Divisor is the total number of players, not the number of claimants.
    uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
    for (uint256 i = 0; i < claimants.length; i++) {
        _transferReward(claimants[i], claimantCut);
    }

The code divides remainingRewards - managerCut by the total number of players (i_players.length), but it should divide by the number of claimants (claimants.length).
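
A Python model of the division discussed above, added here as an example and not taken from the contract or the submission. It mirrors Solidity's truncating integer division; PotModel, its methods, the claim step and the value 10 for managerCutPercent are assumptions.

```python
MANAGER_CUT_PERCENT = 10  # assumption: the page shows only the name managerCutPercent


class PotModel:
    """Integer model of the pot. Class and method names are illustrative."""

    def __init__(self, rewards):
        self.rewards = dict(rewards)             # player -> reward not yet claimed
        self.players = list(rewards)             # stands in for i_players
        self.claimants = []                      # stands in for claimants
        self.remaining = sum(rewards.values())   # stands in for remainingRewards

    def claim(self, player):
        # Assumed claim step: pay the player's reward and record them as a claimant.
        amount = self.rewards[player]
        if amount == 0:
            raise ValueError("nothing to claim")
        self.rewards[player] = 0
        self.remaining -= amount
        self.claimants.append(player)

    def close(self, patched):
        """Run the closePot() arithmetic; return tokens still held by the pot."""
        manager_cut = self.remaining // MANAGER_CUT_PERCENT
        divisor = len(self.claimants) if patched else len(self.players)
        # Solidity reverts on division by zero; ZeroDivisionError models that.
        claimant_cut = (self.remaining - manager_cut) // divisor
        sent = manager_cut + claimant_cut * len(self.claimants)
        return self.remaining - sent


def stranded_after_close(rewards, claimers, patched):
    """Tokens left in the pot after the given players claim and the pot closes."""
    pot = PotModel(rewards)
    for player in claimers:
        pot.claim(player)
    return pot.close(patched)


# Constructed sample: four players with 250 tokens each, two of them claim.
SAMPLE = {"alice": 250, "bob": 250, "carol": 250, "dave": 250}

if __name__ == "__main__":
    for patched in (False, True):
        left = stranded_after_close(SAMPLE, ["alice", "bob"], patched)
        print(f"patched={patched}: {left} tokens left in the pot")
```
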

Impact

The function either overdistributes, and therefore the call reverts, or distributes too little, and some funds stay in the pot.

Tools Used

Manual review

Recommendations

Update the function to do the calculation like this:

--- a/Pot.sol.orig
+++ b/Pot.sol
@@ -54,7 +54,7 @@ contract Pot is Ownable(msg.sender) {
uint256 managerCut = remainingRewards / managerCutPercent;
i_token.transfer(msg.sender, managerCut);
- uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
+ uint256 claimantCut = (remainingRewards - managerCut) / claimants.length;
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
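
Review bot: the new divisor claimants.length on the + line is zero when nobody has claimed before closePot runs, and Solidity reverts on division by zero, so the whole call, including the manager transfer on the line above, is rolled back and the pot cannot be closed in that case. Guard the claimant distribution with a check such as if (claimants.length > 0) around the claimantCut computation and the loop, and decide explicitly where the undistributed balance goes when there are no claimants. Integer division also leaves a remainder of up to claimants.length - 1 token units in the pot, which is worth documenting or sweeping.
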
Updates

Lead Judging Commences

equious Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect distribution in closePot()
