`claimRewards` prevents users from claiming rewards more than once
Summary
claimRewards bricks after the first claim.
Vulnerability Details
Inside claimRewards after claiming the rewards we set the keeper value (userRewards[user]) to totalDistributed.
https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/collectors/FeeCollector.sol#L199
Where in such math generally userRewards[user] s the value of rewards the user has claimed up to now and it's used to determine the rewards he should receive in the future, as seen here:
However the issue in our case is that this value is set to totalDistributed which is 100% of the rewards that are to be distributed to all users. This will prevent our user from claiming again as the above code will always return 0.
Example:
10 users, each should get 100 tokens, as each controls 10% of the voting power
mid way user one calls
claimRewardsand claims 50 tokens, butuserRewards[user]is set to1000This user would not be able to claim again
Impact
User will only be able to claim a one, meaning that claims that don't claim 100% of the rewards will leave rewards stuck.
This will be even worse if there are multiple reward cycles.
Tools Used
Manual review
Recommendations
Consider setting userRewards to the actual amount claimed by the user.
Lead Judging Commences
FeeCollector::claimRewards sets `userRewards[user]` to `totalDistributed` seriously grieving users from rewards
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.