A player can still claim their cut from the Pot
contract even after the closePot
function has been called by the owner. This vulnerability is caused by a few scenarios:
There are no checks in the claimCut
function to ensure that the pot is still open for claim before proceeding.
There might be remaining funds left in the pot due to integer division precision loss.
The vulnerability lies in the claimCut
function, line 54 and line 57 of the Pot
contract.
Due to integer division precision loss, managerCut
and claimantCut
could both result in value of 0, leaving remaining funds left in the Pot
contract.
In addition, the claimCut
function does not enforce a check that that the pot is still open for claim at the start of the function, allowing players who have not claimed yet to still proceed to do so even after the closePot
function is called by the owner.
The result of this vulnerability would lead to an unexpected behavior when players can still claim from the pot after it is closed.
Foundry, manual review
In the claimCut
function, there should be a check at the beginning of the function to determine if the pot is still open to claim. The function should not proceed if 90 days has passed since the pot's creation time.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.