Summary
The contract does not check that totalRewards is equal to the sum of all rewards in the rewards array.
Vulnerability Details
It is possible to create a contest where totalRewards is less than the sum of the values entered in the rewards array.

    function testCreateContestManager() public mintAndApproveTokens {
        vm.startPrank(user);
        // The last argument is totalRewards: 3 is less than the sum of the `rewards` array,
        // yet contest creation and funding both succeed.
        contest = ContestManager(conMan).createContest(players, rewards, IERC20(ERC20Mock(weth)), 3);
        ContestManager(conMan).fundContest(0);
        vm.stopPrank();
    }

Test passes.
Impact
Rewards cannot be distributed to every user who claims them: once the pot is exhausted, later claims revert.

    function testTryingClaimWithNoBalance() public mintAndApproveTokens {
        // Create and fund a contest whose totalRewards (3) is below the sum of `rewards`.
        vm.startPrank(user);
        contest = ContestManager(conMan).createContest(players, rewards, IERC20(ERC20Mock(weth)), 3);
        ContestManager(conMan).fundContest(0);
        vm.stopPrank();

        // player1's claim succeeds and leaves nothing in the pot.
        vm.startPrank(player1);
        Pot(contest).claimCut();
        vm.stopPrank();
        uint256 remainingRewards = Pot(contest).getRemainingRewards();
        assertEq(remainingRewards, 0);

        // player2 is listed in the contest, but the claim reverts.
        vm.startPrank(player2);
        vm.expectRevert();
        Pot(contest).claimCut();
        vm.stopPrank();
    }

Test passes.
Tools Used
Foundry
Recommendations
Consider checking that totalRewards is equal to the sum of the rewards saved in the rewards array.
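
One way to implement the recommended check, as an added example that is not the audited project's code: the library name, function names and error names below are hypothetical, and the parameters mirror the arguments passed to createContest in the tests above. It also rejects player and reward arrays of different lengths, an extra guard that goes beyond what this report covers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example with hypothetical names; not part of the audited code base.
library RewardsValidation {
    error LengthMismatch(uint256 playersLength, uint256 rewardsLength);
    error TotalRewardsMismatch(uint256 declared, uint256 computed);

    /// Reverts unless `totalRewards` equals the sum of `rewards`.
    function requireConsistent(
        address[] memory players,
        uint256[] memory rewards,
        uint256 totalRewards
    ) internal pure {
        // Extra guard (assumption): every player needs exactly one reward entry.
        if (players.length != rewards.length) {
            revert LengthMismatch(players.length, rewards.length);
        }

        uint256 sum;
        for (uint256 i = 0; i < rewards.length; ++i) {
            // Checked arithmetic in Solidity 0.8+: an overflowing sum reverts.
            sum += rewards[i];
        }

        // The pot must hold exactly what the players are owed in total.
        if (sum != totalRewards) {
            revert TotalRewardsMismatch(totalRewards, sum);
        }
    }
}

/// Hypothetical harness showing the call a contest-creation function
/// would make before deploying and funding a pot.
contract ContestCreationGuard {
    function checkParams(
        address[] memory players,
        uint256[] memory rewards,
        uint256 totalRewards
    ) external pure returns (bool) {
        RewardsValidation.requireConsistent(players, rewards, totalRewards);
        return true;
    }
}
```

With a check like this in the creation path, the createContest call in both tests above would revert with TotalRewardsMismatch instead of producing an underfunded pot.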