Submission Details
Severity:
Missing return statement in `MembershipERC1155.sol::saveProfit` function leading to no profit claim
Summary
No return statement in function MembershipERC1155.sol::saveProfit. As a result function may not return the calculated profit as intended, leading to no claim of user profit.
Vulnerability Details
MembershipERC1155.sol::saveProfit::182-187lines
/// @notice Updates profit tracking after a claim
/// @param account The account updating profits for
/// @return profit The updated saved profit
function saveProfit(address account) internal returns (uint256 profit) {
uint256 unsaved = getUnsaved(account);
lastProfit[account] = totalProfit;
profit = savedProfit[account] + unsaved;
savedProfit[account] = profit;
}
Impact
User cannot claim profit in function `MembershipERC1155.sol::claimProfit` as line 146 in MembershipERC1155.sol will revert with "No profit available" error.
function claimProfit() external returns (uint256 profit) {
profit = saveProfit(msg.sender);
require(profit > 0, "No profit available");
savedProfit[msg.sender] = 0;
IERC20(currency).safeTransfer(msg.sender, profit);
emit Claim(msg.sender, profit);
}
Tools Used
Manual code review
Recommendations
Add return statement and return profit calculated in this function.
/// @notice Updates profit tracking after a claim
/// @param account The account updating profits for
/// @return profit The updated saved profit
function saveProfit(address account) internal returns (uint256 profit) {
uint256 unsaved = getUnsaved(account);
lastProfit[account] = totalProfit;
profit = savedProfit[account] + unsaved;
savedProfit[account] = profit;
++ return profit;
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.