MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Error in the closepot function: incorrect calculation of claimantCut.

bytes1

Summary

After 90 days, the owner can close the pot and distribute the remaining tokens equally among the players who have claimed their rewards. However, the rewards are currently being calculated based on the total player count, which needs to be changed to distribute only among the players who have claimed their rewards.

Vulnerability Details

function testNoRemaningRewardsAfterClosePot() public mintAndApproveTokens {
vm.startPrank(user);
contest = ContestManager(conMan).createContest(
players,
rewards,
IERC20(ERC20Mock(weth)),
4
);
ContestManager(conMan).fundContest(0);
vm.stopPrank();
vm.startPrank(player1);
Pot(contest).claimCut();
vm.stopPrank();
vm.warp(91 days);
vm.startPrank(user);
ContestManager(conMan).closeContest(contest);
vm.stopPrank();
uint256 potbalance = ERC20Mock(weth).balanceOf(contest);
uint256 managerbalance = ERC20Mock(weth).balanceOf(user);
console.log("potbalance", potbalance);
assertEq(potbalance, 0);
}

The test failed because, after the closepot function is called by the owner, there is still a remaining balance of reward tokens in the pot contract.

Impact

Incorrect calculation of rewards will lock the reward tokens permanently in the pot contract.

Tools Used

Vscode, Foundry

Recommendations

use claimants.length for claimCut calculation

Updates

Lead Judging Commences

equious Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect distribution in closePot()

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.