In the contract, the rewards defined in the constructor and in the openBox() function are inconsistent. The constructor initializes the rewardPool with four rewards:
Gold Coin with a value of 0.5 ether
Silver Coin with a value of 0.25 ether
Bronze Coin with a value of 0.1 ether
Coal with a value of 0 ether
However, when a user opens a box via the openBox() function, the possible rewards and their values are not fetched from the initialized rewardPool. Instead, the rewards are hardcoded directly into openBox() with different values:
Gold Coin with a value of 1 ether
Silver Coin with a value of 0.5 ether
Bronze Coin with a value of 0.1 ether
Coal with a value of 0 ether
This inconsistency in reward values can lead to confusion, unexpected behavior, and possible exploitation. The expected behavior is that the rewards listed in the constructor (and any added or updated later) match the rewards given when a box is opened.
Incorrect Reward Assignment: Users may expect rewards based on the constructor's initial setup but receive different rewards when opening a box, because openBox() uses its own hardcoded values. This can lead to a loss of user trust and confusion about the contract's mechanics.
Potential Exploitability: Since the reward values are hardcoded in openBox(), a malicious actor or even a legitimate owner could take advantage of this inconsistency by changing the constructor or reward setup while leaving the hardcoded values in openBox() untouched. For example, the owner could set high-value rewards in the constructor to entice users, while users actually receive lower rewards when opening boxes.
User Mistrust: The system is opaque and confusing for users, as the contract advertises different rewards than it actually delivers when a box is opened. This discrepancy could harm the contract's reputation and cause it to lose users.
Manual Review
Unify Reward Assignment Logic: The reward values in openBox() should reference the rewardPool set in the constructor (or updated later via addReward()). Instead of hardcoding the reward values directly in openBox(), fetch rewards dynamically from the rewardPool.
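The following sketch, added here and not taken from the audited contract, shows the hardcoded pattern the finding describes next to the recommended fix. The Reward struct, the storage layout, the owner check and the index selection are assumptions; only the names rewardPool, addReward() and openBox() and the four reward values come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative contract (not the audited one): struct, owner check and
// selection logic are placeholders chosen to demonstrate the finding.
contract MysteryBoxRewards {
    struct Reward { string name; uint256 value; }

    Reward[] public rewardPool;
    address public owner;

    constructor() {
        owner = msg.sender;
        rewardPool.push(Reward("Gold Coin", 0.5 ether));
        rewardPool.push(Reward("Silver Coin", 0.25 ether));
        rewardPool.push(Reward("Bronze Coin", 0.1 ether));
        rewardPool.push(Reward("Coal", 0 ether));
    }

    // Later additions land in the same pool the fixed openBox() reads from.
    function addReward(string memory name, uint256 value) external {
        require(msg.sender == owner, "not owner");
        rewardPool.push(Reward(name, value));
    }

    // VULNERABLE PATTERN (kept only for comparison): values are duplicated
    // here and have already drifted from the constructor (Gold Coin 1 ether
    // vs 0.5 ether), and anything added via addReward() can never be won.
    function openBoxHardcoded(uint256 idx) external pure returns (string memory, uint256) {
        if (idx == 0) return ("Gold Coin", 1 ether);
        if (idx == 1) return ("Silver Coin", 0.5 ether);
        if (idx == 2) return ("Bronze Coin", 0.1 ether);
        return ("Coal", 0 ether);
    }

    // FIXED: the chosen index is resolved against rewardPool, so the reward
    // handed out is exactly what the constructor or addReward() configured.
    function openBox() external view returns (string memory name, uint256 value) {
        require(rewardPool.length > 0, "empty pool");
        // Placeholder index derivation; a production contract needs a proper
        // randomness source, which is outside the scope of this finding.
        uint256 idx = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender)))
            % rewardPool.length;
        Reward storage r = rewardPool[idx];
        return (r.name, r.value);
    }
}
```

Because openBox() reads rewardPool by index and uses rewardPool.length as the modulus, the constructor, addReward() and the opening logic can no longer disagree about which rewards exist or what they are worth.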