MyCut

First Flight #23

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Insufficient `totalRewards` in `ContestManager::createContest`

forgetfore1

Summary

The function ContestManager::createContest allows the contract owner to create a contest with a totalRewards amount that is less than the sum of all players' rewards. This discrepancy can result in one or more players being unable to withdraw their rewards, potentially causing a denial of service for those players.

Vulnerability Details

In the ContestManager::createContest function, there is no validation to ensure that the totalRewards amount is greater than or equal to the sum of the rewards allocated to each player (sum(rewards[])). Without this validation, the contract could be funded with insufficient tokens to cover all promised rewards, leading to failed withdrawal attempts by some players.

Proof of Concept (PoC)

Consider the following scenario:

The owner calls the ContestManager::createContest function with the following parameters:
- rewards = {1e18, 2e18, 3e18}
- totalRewards = 3e18

In this case, the sum of the rewards (1e18 + 2e18 + 3e18 = 6e18) exceeds the totalRewards amount of 3e18. If the contract is funded with only 3e18, the first player to withdraw their reward will succeed, but subsequent players will encounter a transaction revert due to insufficient funds in the contract.

Impact

The impact of this vulnerability is significant:

Loss of Funds: Players may be unable to withdraw their allocated rewards, leading to potential financial losses.
Denial of Service: Affected players could be locked out from accessing their funds, resulting in a denial of service.
Reputation Risk: The platform's reputation may suffer if users are unable to trust that their rewards will be fully disbursed.

Tools Used

Manual code review.

Recommendations

To mitigate this vulnerability, it is recommended to add a validation check inside the ContestManager::createContest function to ensure that the totalRewards amount is greater than or equal to the sum of the rewards:

function createContest(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards)

public

onlyOwner

returns (address)

{

+ require(totalRewards >= sum(rewards), "Total rewards must be greater than or equal to the sum of all player rewards");

// Create a new Pot contract

for(uint i = 0; i ++; i++)

Pot pot = new Pot(players, rewards, token, totalRewards);

contests.push(address(pot));

contestToTotalRewards[address(pot)] = totalRewards;

return address(pot);

}

This check will ensure that the totalRewards is always sufficient to cover the sum of the rewards allocated to players, preventing the described issue.

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Rewards breakdown

nSLOC

106

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.