Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

Incorrect resetting of userRewards in `FeeCollector.sol`

modey

Summary

user rewards gets reset to totalDistributedin FeeCollector::claimRewards

Vulnerability Details

The user reward gets reset to : userRewards[user] = totalDistributedafter every call to claimRewardsfunction. this is inaccurate.

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/collectors/FeeCollector.sol#L206

Impact

wrong accounting

Tools Used

Manual Review

Recommendations

Rewards should be reset correctly

Updates

Lead Judging Commences

inallhonesty Lead Judge
9 months ago
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

FeeCollector::claimRewards sets `userRewards[user]` to `totalDistributed` seriously grieving users from rewards

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!