MyCut

First Flight #23

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Manager's Cut Stuck in ContestManager Contract

josh4324

Summary

In the MyCut rewards distribution protocol, the closePot() function is called through the closeContest() function in the ContestManager contract. The manager's cut of the remaining rewards pool is transferred to the msg.sender of the closePot() function, which is the ContestManager contract itself, not the actual manager. This creates a scenario where the manager’s cut becomes stuck in the ContestManager contract, as there is no mechanism in place to withdraw the funds from this contract.

Vulnerability Details

When the closePot() function is executed, it calculates the manager's cut from the remaining funds in the rewards pool. The function then attempts to transfer these funds to msg.sender, which is the address calling the function. However, the closeContest() function from the ContestManager contract is the one that calls closePot(), making the ContestManager contract the msg.sender in this context.

Since the ContestManager contract does not have any functionality to withdraw or transfer funds, the manager’s cut remains stuck in this contract with no way to recover the funds.

function closeContest(address contest) public onlyOwner {

_closeContest(contest);

}

function _closeContest(address contest) internal {

Pot pot = Pot(contest);

@> pot.closePot();

}

function closePot() external onlyOwner {

if (block.timestamp - i_deployedAt < 90 days) {

revert Pot__StillOpenForClaim();

}

if (remainingRewards > 0) {

uint256 managerCut = remainingRewards / managerCutPercent;

i_token.transfer(msg.sender, managerCut);

uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;

for (uint256 i = 0; i < claimants.length; i++) {

_transferReward(claimants[i], claimantCut);

}

Impact

Stuck Funds: The manager's cut, which is intended to reward the manager for managing the contest, will remain locked in the ContestManager contract.

Tools Used

Manual Review

Recommendations

Update the Transfer Logic: Instead of transferring the manager's cut to msg.sender, the protocol should explicitly transfer the funds to the manager’s address (which could be passed in as a parameter or stored in the contract upon contest creation).

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Owner's cut is stuck in ContestManager

Rewards breakdown

nSLOC

106

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.