Submission Details
Severity:
Duplication of rewards using when adding rewards by owner
Summary
Rewards can be duplicated unecessarily in the contract due to a missing check in addRewards function.
Vulnerability Details
Duplicate rewards can be added to the rewardPoolby the owner - no financial impact, potential gas usage impact when adding what already exists.
Impact
Duplicate rewards with potentially the same or differing values, unecessary use of gas.
Tools Used
Manual review.
Recommendations
Consider adding a check to avoid duplicate rewards, either by implementing a loop function or introducing a map for the rewards added with a require condition.
...
// Mapping to track if a reward name already exists
mapping(string => bool) public rewardExists;
...
function addReward(string memory _name, uint256 _value) public {
require(msg.sender == owner, "Only owner can add rewards");
// Check if the reward name already exists using the mapping
require(!rewardExists[_name], "Reward name already exists");
// Add the reward to the pool
rewardPool.push(Reward(_name, _value));
// Mark the reward name as existing
rewardExists[_name] = true;
}
Rewards breakdown
nSLOC
86This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.