The closePot function in the Pot contract can be called multiple times, potentially leading to unexpected reverts due to insufficient contract balance. This is because the remainingRewards variable is not set to zero after the pot is closed, allowing for repeated distribution attempts.
The closePot function does not have a mechanism to prevent multiple calls.
The remainingRewards variable is not reset to zero after distribution.
Subsequent calls to closePot will attempt to distribute rewards again, potentially failing due to insufficient funds.
The impact is the potential for multiple reward distributions, depleting the contract balance unexpectedly.
It also leaves an inconsistent state where remainingRewards is non-zero but the actual balance is zero.
The issue was found by manual code review.
Implement a boolean flag isPotClosed to prevent multiple calls to closePot.
Reset remainingRewards to zero after distribution to ensure accurate state.
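The two recommendations above, combined in a simplified Solidity sketch. This is an added example, not the audited Pot contract's code: only closePot, remainingRewards and isPotClosed come from the finding, while PotSketch, the token interface, the owner check, the claimant list and the equal split are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the audited contract. Names other than closePot,
// remainingRewards and isPotClosed are hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract PotSketch {
    IERC20 private immutable i_token;  // assumed reward token, funded separately
    address private immutable i_owner; // assumed access control
    address[] private claimants;       // assumed recipient list
    uint256 public remainingRewards;
    bool public isPotClosed;

    error Pot__NotOwner();
    error Pot__NoClaimants();
    error Pot__AlreadyClosed();
    error Pot__TransferFailed();

    constructor(IERC20 token, address[] memory recipients, uint256 rewards) {
        if (recipients.length == 0) revert Pot__NoClaimants();
        i_token = token;
        i_owner = msg.sender;
        claimants = recipients;
        remainingRewards = rewards;
    }

    function closePot() external {
        if (msg.sender != i_owner) revert Pot__NotOwner();
        // Guard: a second call reverts here instead of re-running the payout.
        if (isPotClosed) revert Pot__AlreadyClosed();

        // Effects before interactions: set the flag and zero the accounting
        // variable first, so state stays consistent if the token calls back.
        isPotClosed = true;
        uint256 toDistribute = remainingRewards;
        remainingRewards = 0;
        if (toDistribute == 0) return;

        // Assumed equal split; any rounding dust stays in the contract.
        uint256 share = toDistribute / claimants.length;
        for (uint256 i = 0; i < claimants.length; i++) {
            if (!i_token.transfer(claimants[i], share)) revert Pot__TransferFailed();
        }
    }
}
```

If any transfer fails, the whole call reverts, so isPotClosed and remainingRewards roll back together and the pot can be closed again once the cause is fixed.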
By implementing these recommendations, the contract will be more secure and resistant to potential exploits or unexpected behaviors related to multiple pot closings.