MyCut

First Flight #23
Beginner Friendly, Foundry
Submission Details
Severity: medium
Invalid

No check for duplicate players in ContestManager::createContest

Summary

The issue identified pertains to the createContest function, where no checks are implemented to prevent duplicate player entries in the players array. This oversight could result in unfair reward distribution, as a single player could potentially receive multiple shares of the reward, leading to an imbalance in the contest outcomes.

Vulnerability Details

The createContest function is responsible for initializing a new contest by accepting the following parameters:

  • players: An array containing the addresses of the participants.

  • rewards: An array containing the reward amounts corresponding to each player.

  • token: The ERC-20 token to be used for the rewards.

  • totalRewards: The total amount of tokens allocated for the contest.

However, the function does not include any mechanism to check for duplicate addresses within the players array. This can lead to situations where:

  • A single player is listed multiple times in the players array.

  • The player receives multiple shares of the reward, thereby skewing the distribution and disadvantaging other participants.

Impact

Unfair Distribution: Duplicate entries could result in a single player receiving an outsized portion of the rewards, creating an unfair contest.

Tools Used

Manual Review

Recommendations

Add a check within the createContest function to ensure that no duplicate addresses exist in the players array.
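One way to implement the recommended check, as an added example that is not code from the MyCut repository or from this submission. The library name, function names, errors and the `createContest` body are hypothetical; only the four parameters come from the report, and the `address` type for `token` is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative only: names here are hypothetical, not the project's own.
library PlayerListChecks {
    error DuplicatePlayer(address player);
    error NotStrictlyAscending(uint256 index);

    /// O(n) check. The caller sorts `players` off-chain in ascending
    /// address order; a repeated address then sits next to its twin and
    /// fails the strict comparison, as does any unsorted input.
    function requireStrictlyAscending(address[] memory players) internal pure {
        for (uint256 i = 1; i < players.length; ++i) {
            if (players[i] <= players[i - 1]) revert NotStrictlyAscending(i);
        }
    }

    /// O(n^2) check for unsorted input. Gas grows quadratically, so this
    /// is only reasonable for short player lists.
    function requireUnique(address[] memory players) internal pure {
        for (uint256 i = 0; i < players.length; ++i) {
            for (uint256 j = i + 1; j < players.length; ++j) {
                if (players[i] == players[j]) revert DuplicatePlayer(players[i]);
            }
        }
    }
}

contract ContestFactoryExample {
    event ContestAccepted(uint256 playerCount, uint256 totalRewards);

    // Parameters mirror the list in the report; everything else is assumed.
    function createContest(
        address[] memory players,
        uint256[] memory rewards,
        address, // token: unused in this sketch
        uint256 totalRewards
    ) external {
        require(players.length == rewards.length, "length mismatch");
        // Reject the whole call before any contest state is created.
        PlayerListChecks.requireStrictlyAscending(players);
        emit ContestAccepted(players.length, totalRewards);
    }
}
```

The sorted-input variant moves the sorting cost off-chain and keeps the on-chain check linear; the pairwise variant accepts any order at a higher gas cost.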

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
