Submission Details
Severity:
No check in place to detect duplicate rewards being added to the rewards pool
## Summary
The `addReward()` function allows the owner to add new rewards to the `rewardPool`. However, there is no check in place to prevent the addition of duplicate rewards. This could result in multiple identical rewards being added to the pool, which may not be the intended behavior and could lead to issues when distributing rewards.
## Vulnerability Details
Currently, the `addReward()` function does not verify whether a reward with the same name and value already exists in the `rewardPool`. This lack of validation could result in duplicate rewards being added, which might affect the reward distribution logic and overall contract behavior. For example, the same reward could be assigned multiple times, skewing the intended probabilities.
### Example of the Problem:
If an owner mistakenly or intentionally adds a reward with the same name and value multiple times, the `rewardPool` could end up with several identical entries, leading to unintended behavior when rewards are selected.
```diff
function addReward(string memory _name, uint256 _value) public {
require(msg.sender == owner, "Only owner can add rewards");
// Check for duplicate rewards
+ for (uint256 i = 0; i < rewardPool.length; i++) {
+ require(
+ keccak256(abi.encodePacked(rewardPool[i].name)) != keccak256(abi.encodePacked(_name)) ||
+ rewardPool[i].value != _value,
+ "Reward already exists"
+ );
+ }
rewardPool.push(Reward(_name, _value));
}
```
Rewards breakdown
nSLOC
86This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.