The transferReward() function lacks validation to prevent transferring rewards to oneself, which could create unexpected behavior. Additionally, the function has a potential issue related to array manipulation and state management. Specifically, the use of delete on an array element could lead to inconsistencies, such as leaving gaps in the array.
The function allows a user to transfer rewards to their own address, which could create redundant or unnecessary operations and possibly result in unexpected behavior. There's no validation to prevent transferring rewards back to the sender.
The function uses the delete operation to remove an element from the rewardsOwned array. However, delete does not remove the element from the array but instead resets it to its default value (in this case, a zero-value Reward struct). This creates a gap in the array, which can lead to problems if the array is iterated over later or if users expect the array to be tightly packed.
Transferring rewards to oneself may not result in an immediate vulnerability, but it introduces unnecessary complexity and could cause confusion or unexpected behavior in the contract’s state.
The array may become fragmented, with gaps where deleted elements were, leading to inefficiencies and potential errors when accessing or iterating over the array.
Manual review
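The two behaviors described above, next to a hardened form, as an added example that is not the audited contract's code. The contract name, the Reward field, the mintReward and rewardCount helpers, and both function signatures are assumptions made for illustration; only transferReward, rewardsOwned and Reward are names taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Layout and signatures are assumed, not the audited code.
contract RewardTransferSketch {
    struct Reward {
        uint256 value; // assumed field
    }

    mapping(address => Reward[]) public rewardsOwned;

    error SelfTransfer();
    error InvalidIndex();

    // Hypothetical helper so the sketch can be exercised on its own.
    function mintReward(uint256 value) external {
        rewardsOwned[msg.sender].push(Reward(value));
    }

    // Pattern described in the finding: `delete` zeroes the slot but the
    // array length is unchanged, and `to == msg.sender` is accepted.
    // A self-transfer here grows the sender's array by one and leaves a
    // zero-value Reward at `index`.
    function transferRewardWithGap(address to, uint256 index) external {
        Reward[] storage owned = rewardsOwned[msg.sender];
        if (index >= owned.length) revert InvalidIndex();
        rewardsOwned[to].push(owned[index]);
        delete owned[index];
    }

    // Hardened form: reject self-transfer, then swap-and-pop so the
    // array stays tightly packed (element order is not preserved).
    function transferReward(address to, uint256 index) external {
        if (to == msg.sender) revert SelfTransfer();
        Reward[] storage owned = rewardsOwned[msg.sender];
        uint256 length = owned.length;
        if (index >= length) revert InvalidIndex();
        uint256 last = length - 1;
        rewardsOwned[to].push(owned[index]);
        if (index != last) {
            owned[index] = owned[last]; // move the last element into the hole
        }
        owned.pop(); // shrink the array by one
    }

    function rewardCount(address owner) external view returns (uint256) {
        return rewardsOwned[owner].length;
    }
}
```

After minting three rewards and transferring index 0 to another address, rewardCount for the sender stays at 3 with transferRewardWithGap and drops to 2 with transferReward.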