Submission Details
Severity:
closePot accounting issue - > i_players.length
Summary
in the function closePot(), after the managerCut is transfered, claimantCut is calculated using (remainingRewards - managercut) / i_players.length. Then the function continues to only distributed counting the claimants.length in a loop.
Vulnerability Details
function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
/// Manager cut = remaining balance / 10%
uint256 managerCut = remainingRewards / managerCutPercent;
i_token.transfer(msg.sender, managerCut);
/// claimants.length should be used instead of i_players.length
uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
}
Impact
issue in distribution and loss of funds locked in contract.
Tools Used
forge
Recommendations
use uint256 claimantCut = (remainingRewards - managerCut) / claimants.length(); insteal of i_players.length since only claimants receive the rewards.
Updates
Lead Judging Commences
equious about 1 year ago
Submission Judgement Published Assigned finding tags:
Incorrect distribution in closePot()
Rewards breakdown
nSLOC
106This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.