Submission Details
Severity:
Function claimCut() can still be claimed after closePot()
Summary
Pot.sol -> claimCut() does not check if pot is closed, nor is there any checks / have requirement states that save the pot claim status.
Vulnerability Details
claimCut() can be called after closePot() is called, making the idea of closing a pot ineffective. In the closePot() The line uint256 claimantCut uses the i_players.length instead of claimants.length , leaving funds in the account if someone did not claim within the 90days. the claimant can then call the claimCut() if there is enough funds in the account.
function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
/// Manager cut = remaining balance / 10%
uint256 managerCut = remainingRewards / managerCutPercent;
i_token.transfer(msg.sender, managerCut);
uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
Impact
Accounting issue, loss of funds.
Tools Used
forge
Recommendations
add a state variable saving the state of the potStatus. ie. openForClaims = true / false. add a requirement on both closePot() and claimCut()
Rewards breakdown
nSLOC
106This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.