High Severity: The constructor does not validate that the sum of the individual rewards equals the total reward (i_totalRewards). If the sum of the rewards exceeds i_totalRewards, the subtraction in claimCut underflows for the claimant whose reward is larger than what is left in remainingRewards; under Solidity's checked arithmetic that claim reverts, producing a denial-of-service (DoS) condition that prevents the last player from claiming their reward and leaves that share locked in the contract.
In the Pot contract, rewards are assigned to players without checking that the sum of the i_rewards array equals i_totalRewards. remainingRewards starts at i_totalRewards and claimCut subtracts each player's reward from it. If the sum of i_rewards is greater than i_totalRewards, the cumulative claims eventually exceed remainingRewards, and the next subtraction would take the unsigned counter below zero. In Solidity 0.8 and later this underflow reverts, so that claim and every subsequent one fails, which is a DoS on claimCut for the remaining players.
The impact of this vulnerability includes:
Denial of Service (DoS): If the sum of rewards is greater than i_totalRewards, claimCut reverts when it tries to subtract a player's reward from a remainingRewards value that is already too small. This blocks all subsequent claims, and the last player to claim is the one most likely to be affected.
Locked Funds: A player whose claim reverts cannot withdraw their rightful reward, and that share stays locked in the contract.
Accounting Integrity: When the individual rewards do not add up to i_totalRewards, remainingRewards no longer reflects the cuts actually owed, so any logic that relies on it for accounting or later distribution cannot be trusted.
Manual Review
To mitigate this issue, add a validation check in the constructor that sums the individual rewards (i_rewards) and requires the result to equal i_totalRewards. Rejecting a mismatched configuration at deployment removes the underflow and the resulting DoS from claimCut entirely.
Updated Constructor with Validation Check:
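The contract below is an added illustration written for this report, not the project's own Pot source: it assumes a minimal Pot that pays out an ERC20 token (interface declared inline), keeps a playersToRewards mapping alongside the i_rewards array, and uses the error names shown (all of these names, apart from i_rewards, i_totalRewards, remainingRewards and claimCut, are assumptions). It shows the validation check added to the constructor next to the claimCut subtraction that underflows when the check is missing.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface needed by this example (assumption: the pot pays an ERC20 token).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract Pot {
    // Error names are assumptions made for this example.
    error Pot__RewardNotFound();
    error Pot__LengthMismatch();
    error Pot__RewardSumMismatch(uint256 sum, uint256 total);

    address[] private i_players;
    uint256[] private i_rewards;
    IERC20 private immutable i_token;
    uint256 private immutable i_totalRewards;
    uint256 private remainingRewards;
    mapping(address => uint256) private playersToRewards;

    constructor(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards) {
        if (players.length != rewards.length) revert Pot__LengthMismatch();

        uint256 sum;
        for (uint256 i = 0; i < rewards.length; i++) {
            playersToRewards[players[i]] = rewards[i];
            // Checked arithmetic: a sum that would wrap past 2**256 reverts here,
            // so an attacker cannot overflow the total to slip past the check below.
            sum += rewards[i];
        }
        // Added validation: the individual cuts must account for exactly the pot.
        if (sum != totalRewards) revert Pot__RewardSumMismatch(sum, totalRewards);

        i_players = players;
        i_rewards = rewards;
        i_token = token;
        i_totalRewards = totalRewards;
        remainingRewards = totalRewards;
    }

    function claimCut() external {
        uint256 reward = playersToRewards[msg.sender];
        if (reward == 0) revert Pot__RewardNotFound();
        playersToRewards[msg.sender] = 0;
        // Without the constructor check, this subtraction underflows and reverts for the
        // claimant whose reward exceeds what is left, locking that player's share.
        remainingRewards -= reward;
        if (!i_token.transfer(msg.sender, reward)) revert("transfer failed");
    }

    function getRemainingRewards() external view returns (uint256) {
        return remainingRewards;
    }
}
```

The check uses strict equality because the recommendation asks for the cuts to match the pot exactly; `sum <= totalRewards` would also be enough to rule out the underflow in claimCut, but it would silently accept an under-allocated pot, so `==` is the safer default unless the design deliberately leaves a remainder for someone else. The comparison only holds its guarantee on Solidity 0.8 or later, where both the summation loop and the subtraction in claimCut use checked arithmetic; on older compilers the same code would wrap silently instead of reverting.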
By adding this validation, the contract guarantees that the sum of individual rewards matches the total reward, so remainingRewards can never be driven below zero and claimCut cannot be locked up during the claim process. This safeguard maintains the integrity and reliability of the contract's reward distribution mechanism.