Insufficient balance to claim rewards
Summary
The smart contract may not have a sufficient balance to cover the rewards when certain conditions are met.
Vulnerability Details
The contract's minimum starting balance is 0.1 ETH.
If the first user deposits 0.1 ETH to buy a box and subsequently opens it to receive a Silver Coin or Gold Coin reward, their reward would be 0.25 ETH or 0.5 ETH, respectively, which exceeds the contract's balance.
This issue can persist at various points during the contract's lifetime whenever the rewards exceed the available balance.
Impact
This vulnerability could prevent users from withdrawing their rewards, undermining the entire game's mechanics and potentially causing dissatisfaction among users.
Tools Used
Manual Inspection
Foundry
Recommendations
Modify the
openBoxfunction to ensure that rewards are calculated relative to the contract's balance, avoiding situations where the rewards exceed available funds.Require a minimum number of users to buy boxes (X users) before anyone is allowed to open a box or claim rewards, ensuring enough funds are available for payouts.
Appeal created
Protocol should have a higher initial balance to prevent prize withdrawing problems
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.