Users Unable to Claim Rewards After First Claim Due to Incorrect Reward Tracking
Summary
The `claimRewards()` function incorrectly updates `userRewards[user]`, causing users to lose access to unclaimed rewards and preventing them from claiming rewards after their first claim.
Vulnerability Details
In the claimRewards() function, the contract incorrectly updates userRewards[user] by setting it to totalDistributed instead of properly updating it with the claimed rewards:
Since totalDistributed represents the total rewards distributed to all users, this could lead to incorrect calculations in _calculatePendingRewards() for subsequent claims:
As a result, users lose access to unclaimed rewards.
Note: Suppose a user is eligible for 1% of totalDistributed. Their pendingReward will remain 0 until totalDistributed increases 100 times.
Impact
Users will be unable to claim any further rewards after their first claim.
Tools Used
vscode
Recommendations
Just add the pendingReward:
Lead Judging Commences
FeeCollector::claimRewards sets `userRewards[user]` to `totalDistributed` seriously grieving users from rewards
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.