MyCut

First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: high
Invalid

Player can still claim from pot after owner calls closePot

Summary

A player can still claim their cut from the Pot contract even after the closePot function has been called by the owner. This vulnerability is caused by a few scenarios:

  1. There are no checks in the claimCut function to ensure that the pot is still open for claim before proceeding.

  2. There might be remaining funds left in the pot due to integer division precision loss.

Vulnerability Details

The vulnerability lies in the claimCut function, line 54 and line 57 of the Pot contract.

Due to integer division precision loss, managerCut and claimantCut could both result in value of 0, leaving remaining funds left in the Pot contract.

In addition, the claimCut function does not enforce a check that that the pot is still open for claim at the start of the function, allowing players who have not claimed yet to still proceed to do so even after the closePot function is called by the owner.

Proof of Concept

Working Test Case

function testClaimCutAfterClosePot() public mintAndApproveTokens {
address player3 = makeAddr("player3");
players = [player1, player2, player3];
rewards = [5, 4, 1];
totalRewards = 10;
// Create contest and fund pot
vm.startPrank(user);
contest = ContestManager(conMan).createContest(players, rewards, IERC20(ERC20Mock(weth)), totalRewards);
ContestManager(conMan).fundContest(0);
vm.stopPrank();
// Player 1 and player 2 claim their cut
vm.startPrank(player1);
Pot(contest).claimCut();
vm.stopPrank();
vm.startPrank(player2);
Pot(contest).claimCut();
vm.stopPrank();
// Close pot
vm.warp(91 days);
vm.startPrank(user);
ContestManager(conMan).closeContest(contest);
vm.stopPrank();
// Player 3 tries to claim their cut and succeeds
assertEq(ERC20Mock(weth).balanceOf(player3), 0);
assertEq(Pot(contest).checkCut(player3), 1);
vm.startPrank(player3);
Pot(contest).claimCut();
assertEq(ERC20Mock(weth).balanceOf(player3), 1);
vm.stopPrank();
}

Impact

The result of this vulnerability would lead to an unexpected behavior when players can still claim from the pot after it is closed.

Tools Used

Foundry, manual review

Recommended Mitigation

In the claimCut function, there should be a check at the beginning of the function to determine if the pot is still open to claim. The function should not proceed if 90 days has passed since the pot's creation time.

Updates

Lead Judging Commences

equious Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.