Mystery Box

First Flight #25
Beginner Friendly, Foundry
Submission Details
Severity: low
Valid

Mismatch between the actual reward and the reward pool

Summary

Mismatch between the actual reward and the reward pool

Vulnerability Details

In the constructor, we define several rewards (Gold Coin, Silver Coin, Bronze Coin, and Coal Coin) and their reward amounts.
The problem is that when we open a box, the Gold Coin's reward does not follow the rewardPool's reward amount.

constructor() payable {
    owner = msg.sender;
    boxPrice = 0.1 ether;
    require(msg.value >= SEEDVALUE, "Incorrect ETH sent");
    // Initialize with some default rewards
@>  rewardPool.push(Reward("Gold Coin", 0.5 ether));
    rewardPool.push(Reward("Silver Coin", 0.25 ether));
    rewardPool.push(Reward("Bronze Coin", 0.1 ether));
    rewardPool.push(Reward("Coal", 0 ether));
}

function openBox() public {
    require(boxesOwned[msg.sender] > 0, "No boxes to open");
    // Generate a random number between 0 and 99
    // @audit-ok the random value can be calculated. Users can open a box at one specific timestamp to get a higher value and more rewards.
    // randomValue's range is 0 - 99.
    uint256 randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;
    // Determine the reward based on probability
    if (randomValue < 75) {
        // 75% chance to get Coal (0-74)
        rewardsOwned[msg.sender].push(Reward("Coal", 0 ether));
    }
    // ... (rest of openBox not shown in this excerpt)
}

Impact

Users may claim more rewards than the rewardPool specifies.

Tools Used

Manual

Recommendations

When we open a box, we should read the corresponding reward amount from the rewardPool.
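The recommendation above, sketched as an added example (not the audited contract's code and not the project's own fix): openBox copies the reward out of rewardPool by index, so the amounts cannot drift from what the constructor set. The contract name, the struct field names, the thresholds above 75 and the box decrement are assumptions; purchase and claim logic are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited contract: openBox treats rewardPool as the
// single source of truth for reward names and amounts.
contract MysteryBoxSketch {
    // Field names `name` and `value` are assumed; the page only shows
    // positional construction, e.g. Reward("Gold Coin", 0.5 ether).
    struct Reward {
        string name;
        uint256 value;
    }

    // Index of each tier in rewardPool, fixed by the constructor's push order.
    uint256 private constant GOLD = 0;
    uint256 private constant SILVER = 1;
    uint256 private constant BRONZE = 2;
    uint256 private constant COAL = 3;

    Reward[] public rewardPool;
    mapping(address => uint256) public boxesOwned;
    mapping(address => Reward[]) public rewardsOwned;

    constructor() {
        rewardPool.push(Reward("Gold Coin", 0.5 ether));
        rewardPool.push(Reward("Silver Coin", 0.25 ether));
        rewardPool.push(Reward("Bronze Coin", 0.1 ether));
        rewardPool.push(Reward("Coal", 0 ether));
    }

    function openBox() public {
        require(boxesOwned[msg.sender] > 0, "No boxes to open");
        // Same derivation as the page's excerpt; it is still predictable,
        // which is a separate issue from the amount mismatch.
        uint256 randomValue =
            uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;

        uint256 tier;
        if (randomValue < 75) tier = COAL;        // 0-74, as on the page
        else if (randomValue < 95) tier = BRONZE; // assumed threshold
        else if (randomValue < 99) tier = SILVER; // assumed threshold
        else tier = GOLD;                         // assumed threshold

        // Copy name and amount from the pool instead of re-typing literals.
        rewardsOwned[msg.sender].push(rewardPool[tier]);
        boxesOwned[msg.sender] -= 1; // assumed bookkeeping, not in the excerpt
    }
}
```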

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

The rewards in constructor are different from the rewards in openBox
