Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Valid

The rewardPool, which is a core component of the Protocol, is initialized in the constructor, but the list is not used within the Protocol.

The `rewardPool` list is initialized in the constructor, but this list is not used in any protocol function, so the initialization only consumes gas. This part can be removed from the constructor.

```solidity
constructor() payable {
    owner = msg.sender;
    boxPrice = 0.1 ether;
    require(msg.value >= SEEDVALUE, "Incorrect ETH sent");
    // Initialize with some default rewards
    rewardPool.push(Reward("Gold Coin", 0.5 ether));
    rewardPool.push(Reward("Silver Coin", 0.25 ether));
    rewardPool.push(Reward("Bronze Coin", 0.1 ether));
    rewardPool.push(Reward("Coal", 0 ether));
}
```

or

Recommended Mitigation:

It can be used in the `openBox` function:

```solidity
// @audit this is only an example, not a real implementation
function openBox() public {
    require(boxesOwned[msg.sender] > 0, "No boxes to open");
    // @audit must be a valid index: from 0 to rewardPool.length - 1
    uint256 randomValue = getRandomFromOracle();
    // @audit rewrite to this
    boxesOwned[msg.sender] -= 1;
    // @audit and here take the specific Reward from rewardPool
    // (struct locals need an explicit data location, hence `memory`)
    Reward memory reward = rewardPool[randomValue];
    rewardsOwned[msg.sender].push(reward);
}
```
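The following is an added example, not code from the submission or from the audited contract. It goes one step beyond the sketch above by keeping each reward's odds next to its value in `rewardPool`, so `openBox` has no hard-coded rewards that can drift from the constructor. The contract name `PoolBackedBox`, the `weight` field and its sample values, `totalWeight`, `_addReward` and `_randomWord` are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example: all names here are hypothetical, not the audited contract's code.
abstract contract PoolBackedBox {
    struct Reward {
        string name;
        uint256 value;
        uint256 weight; // assumption: relative odds stored beside the reward
    }

    Reward[] public rewardPool;
    uint256 public totalWeight;
    mapping(address => uint256) public boxesOwned;
    mapping(address => Reward[]) internal rewardsOwned;

    constructor() {
        // Names and values from the constructor on the page; weights are constructed.
        _addReward("Gold Coin", 0.5 ether, 1);
        _addReward("Silver Coin", 0.25 ether, 4);
        _addReward("Bronze Coin", 0.1 ether, 20);
        _addReward("Coal", 0 ether, 75);
    }

    function _addReward(string memory name, uint256 value, uint256 weight) internal {
        require(weight > 0, "Zero weight");
        rewardPool.push(Reward(name, value, weight));
        totalWeight += weight;
    }

    // Assumption: implemented by an oracle integration in the inheriting contract.
    function _randomWord() internal virtual returns (uint256);

    function openBox() public {
        require(boxesOwned[msg.sender] > 0, "No boxes to open");
        boxesOwned[msg.sender] -= 1;
        // Reduce into [0, totalWeight) so the walk below always lands on a pool entry.
        uint256 roll = _randomWord() % totalWeight;
        uint256 cumulative;
        for (uint256 i = 0; i < rewardPool.length; i++) {
            cumulative += rewardPool[i].weight;
            if (roll < cumulative) {
                Reward memory reward = rewardPool[i];
                rewardsOwned[msg.sender].push(reward);
                return;
            }
        }
        revert("Weights out of sync");
    }
}
```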
Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

The rewards in constructor are different from the rewards in openBox
