Mystery Box

User can send an empty reward to another user. `delete rewardsOwned[msg.sender][_index]` this resets the struct properties in Reward struct and don't delete it from the array of `rewardsOwned[msg.sender]`. For example user1 buy a box, then open it and then transfer it to user2. After that `rewardsOwned[user1][0]` will be `Reward{name: "", value: 0}` because `delete' resets the properties. If use1 tries to transfer again `rewardsOwned[user1][0]` reward it will work, therefore user2 is going to have 2 rewards an one of them is going to be empty (value: 0, name: "").

User can have many empty rewards and when tries to invoke `MysteryBox::claimAllRewards` function, the amount of gas user has to pay will be much bigger because `MysteryBox::claimAllRewards` function loops trough all rewards of an user.

function testTransferRewards_AddEmptyReward() public {

vm.deal(user1, 0.1 ether);

vm.startPrank(user1);

mysteryBox.buyBox{value: 0.1 ether}();

mysteryBox.openBox();

mysteryBox.transferReward(user2, 0);

vm.stopPrank();

​

uint256 expectedRewardsLength = 1;

vm.prank(user2);

uint256 actualRewardsLength = mysteryBox.getRewards().length;

assertEq(actualRewardsLength, expectedRewardsLength);

​

// try to add an empty reward to user2

​

vm.startPrank(user1);

mysteryBox.transferReward(user2, 0);

vm.stopPrank();

​

vm.prank(user2);

​

uint256 actualRewardsLength2 = mysteryBox.getRewards().length;

assert(actualRewardsLength2 != expectedRewardsLength);

}

```diff

​

​

​

​

```