MyCut

First Flight #23

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Players could claim their rewards even when the pot is closed.

YanPitrik

Summary

There is possible for players to claim their rewards even after owner of protocol call closePot function.

Vulnerability Details

According to protocol documentation, there is allowed for claimants 90 days to claim before the manager close the pot. However, there is no check for time passed inside the Pot:claimCutfunction and due to another bugs in closePotfunction, there will still be balance after pot is closed.

PoC

Add following to test file and run test.

function testPlayerCouldClaimAfterPotClosed() public mintAndApproveTokens {

address player3 = makeAddr("player3");

address player4 = makeAddr("player4");

address player5 = makeAddr("player5");

address player6 = makeAddr("player6");

address player7 = makeAddr("player7");

players = [player1, player2, player3, player4, player5, player6, player7];

rewards = [50, 20, 60, 40, 35, 55, 99];

totalRewards = 1000;

vm.startPrank(user);

contest = ContestManager(conMan).createContest(players, rewards, IERC20(ERC20Mock(weth)), totalRewards);

ContestManager(conMan).fundContest(0);

vm.stopPrank();

vm.prank(player1);

Pot(contest).claimCut();

vm.prank(player3);

Pot(contest).claimCut();

vm.warp(91 days);

vm.prank(user);

ContestManager(conMan).closeContest(contest);

// claiming after pot is closed

vm.prank(player2);

Pot(contest).claimCut();

vm.prank(player6);

Pot(contest).claimCut();

}

Impact

Players could still claim their rewards when pot is closed.

Tools Used

Manual review.

Recommendations

Add some check to claimCutfunction to prevent claiming after pot is closed.

++ error Pot__PotIsClosed();

function claimCut() public {

++ if (block.timestamp > i_deployedAt + 90 days) {

++ revert Pot__PotIsClosed();

++ }

address player = msg.sender;

uint256 reward = playersToRewards[player];

if (reward <= 0) {

revert Pot__RewardNotFound();

}

playersToRewards[player] = 0;

remainingRewards -= reward;

claimants.push(player);

_transferReward(player, reward);

}

Updates

Lead Judging Commences

equious Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Other

Rewards breakdown

nSLOC

106

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.