MyCut

First Flight #23

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Unchecked empty `players` array leads to gas wastage and Potential logic errors.

oxenzo

Description:

The players array is a critical component in the contract's reward distribution logic. However, the code does not verify if the players array is empty before attempting to distribute rewards. This oversight can lead to unnecessary gas consumption as the contract may execute a loop with zero iterations, and in some cases, it could cause logic errors if the code assumes the presence of players.

constructor(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards) {

i_players = players;

i_rewards = rewards;

i_token = token;

i_totalRewards = totalRewards;

remainingRewards = totalRewards;

i_deployedAt = block.timestamp;

@> for (uint256 i = 0; i < i_players.length; i++) {

@> playersToRewards[i_players[i]] = i_rewards[i];

@> }

}

Impact:

Gas Wastage: When the players array is empty, the contract will still execute the loop for reward distribution, resulting in wasted gas with no actual rewards being distributed.
Logic Errors: Depending on the contract’s logic, the absence of players could lead to unexpected behavior or malfunction, especially if the contract is designed to always operate with non-empty player data.

Proof of Concept:

From the description code above. If the players.length==0, the loop executes zero times, leading to gas wastage and potential logic issues.

Recommended Mitigation:

Introduce a validation check at the beginning at the beginning of the reward distribution process to ensure that the players array is not empty.

constructor(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards) {

i_players = players;

i_rewards = rewards;

i_token = token;

i_totalRewards = totalRewards;

remainingRewards = totalRewards;

i_deployedAt = block.timestamp;

for (uint256 i = 0; i < i_players.length; i++) {

+ require(i_players.length > 0, "No players to distribute rewards to.");

playersToRewards[i_players[i]] = i_rewards[i];

}

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Rewards breakdown

nSLOC

106

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.