The issue identified in the PriorityPool.sol contract, specifically at line 305 in the claimSDLTokens function, is an insufficient claim check. The contract does not explicitly validate that the values amountToClaim and sharesAmountToClaim are greater than 0. This omission could lead to incorrect or manipulated token claims if these values were ever negative or otherwise able to bypass the intended logic.
Risk of Incorrect Token Claims: If amountToClaim or sharesAmountToClaim are negative or improperly manipulated, users could claim an incorrect amount of tokens, leading to over-claiming or under-claiming. In extreme cases, this could facilitate exploitation, where malicious users receive more tokens than they are entitled to or siphon tokens from the pool.
Financial Loss: If exploited, this flaw could lead to significant financial loss for the contract, harming its sustainability and negatively impacting its users and token holders.
Trust and Security: The absence of such basic validation could undermine trust in the system, as it exposes a critical oversight in ensuring claim integrity.
To prevent this issue, a simple yet effective fix can be implemented by adding checks to ensure that:
amountToClaim > 0
sharesAmountToClaim > 0
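As an added example (not the PriorityPool.sol source), a simplified claim function showing where the two checks belong; the storage layout, the owed/claimed accounting, the IERC20Like interface and the ExceedsOwed bound are all assumptions. Both parameters are uint256, so a negative value cannot reach the function at the EVM level; the checks that matter are rejecting a zero claim and bounding each claim by what is still owed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: the owed/claimed mappings, the token interface and
// the upper-bound check are assumptions, not PriorityPool.sol's actual layout.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract ClaimCheckSketch {
    IERC20Like public immutable sdlToken;
    mapping(address => uint256) public owed;         // assumed: tokens owed per user
    mapping(address => uint256) public owedShares;   // assumed: shares owed per user
    mapping(address => uint256) public claimed;
    mapping(address => uint256) public claimedShares;

    error InvalidAmount();
    error ExceedsOwed();

    constructor(IERC20Like _sdlToken) {
        sdlToken = _sdlToken;
    }

    // The caller chooses how much to claim. uint256 can never be negative, so the
    // meaningful input checks are: both amounts non-zero, and neither exceeds the
    // remaining balance owed to msg.sender (which is what prevents over-claiming).
    function claimSDLTokens(uint256 amountToClaim, uint256 sharesAmountToClaim) external {
        if (amountToClaim == 0 || sharesAmountToClaim == 0) revert InvalidAmount();
        if (claimed[msg.sender] + amountToClaim > owed[msg.sender]) revert ExceedsOwed();
        if (claimedShares[msg.sender] + sharesAmountToClaim > owedShares[msg.sender]) {
            revert ExceedsOwed();
        }

        // Effects before interaction: update accounting, then transfer.
        claimed[msg.sender] += amountToClaim;
        claimedShares[msg.sender] += sharesAmountToClaim;

        require(sdlToken.transfer(msg.sender, amountToClaim), "transfer failed");
    }
}
```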