MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Attempts to claim from pot would fail before pot is funded

Summary

When a player calls claimCut before the pot is funded, the call fails and the player is not told the reason behind it.

Vulnerability Details

The vulnerability lies in the claimCut function.

A player can call this function to claim their rewards before the pot is funded, but the transaction fails due to arithmetic underflow.

Proof Of Concept

Working test case

function testClaimCutBeforeFundContest() public mintAndApproveTokens {
    players = [player1, player2];
    rewards = [33, 37];
    totalRewards = 70;

    // The contest is created but never funded
    vm.startPrank(user);
    contest = ContestManager(conMan).createContest(players, rewards, IERC20(ERC20Mock(weth)), totalRewards);
    vm.stopPrank();

    // player1 calls claimCut on the unfunded pot; the call reverts
    vm.startPrank(player1);
    vm.expectRevert();
    Pot(contest).claimCut();
    vm.stopPrank();
}

Impact

Users who try to claim from the pot before it is funded see their attempts fail without knowing the actual reason behind it.

Tools Used

Foundry, manual review

Recommended Mitigation

To mitigate this vulnerability, add a require statement at the beginning of the claimCut function that checks that the pot is funded before proceeding.

function claimCut() public {
...
+ require(i_token.balanceOf(address(this)) > 0, "Pot has no funds");
...
}
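
Review bot: the added require only tests that the pot's token balance is greater than 0, so a pot holding some tokens but less than the caller's reward would still pass this check and the claim would not be covered. Compare the balance against the amount being claimed instead, so partial funding is caught as well. The `...` above the require also leaves its position open; the text says "at the beginning", so the check should come before any state is read or updated.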

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
