Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Unused internal function _updateLastClaimTime in FeeCollector contract

Summary

The FeeCollector contract defines an internal function _updateLastClaimTime(address user) intended to update a mapping that tracks the last claim timestamp for each user. However, this function is never invoked anywhere in the contract or protocol. While this does not introduce a direct security vulnerability, it represents a code quality and maintainability issue that could indicate incomplete or outdated functionality.

Vulnerability Details

  • Function Definition:
    The function is defined as follows:

    function _updateLastClaimTime(address user) internal {
        lastClaimTime[user] = block.timestamp;
    }

    Its purpose appears to be updating the lastClaimTime mapping with the current block timestamp whenever a user claims rewards or performs an action that should be rate-limited.

  • Lack of Usage:
    A review of the contract shows that this function is not called anywhere. The lastClaimTime mapping is declared but never updated or read from in any function, including in claimRewards or any other reward/distribution related functionality.

  • Implications:

    • Code Clarity & Maintenance: The presence of unused code can confuse developers and auditors, as it suggests there might have been intended logic (e.g., rate-limiting claims, tracking user activity) that was never implemented or was removed from other parts of the code.

    • Potential for Future Bugs: If the function was meant to be integrated into user reward logic and later omitted by mistake, future changes may inadvertently reintroduce vulnerabilities or inconsistencies in reward calculations.

Impact

Since the function is internal and not used anywhere, it does not affect the core functionality or security of the protocol. However, it contributes to unnecessary code bloat and may lead to misunderstandings about the intended behavior of the reward claim process.

Tools Used

Manual review

Recommendations

  1. Remove the Unused Function:
    If there is no planned usage for _updateLastClaimTime, it is best to remove it from the contract to simplify the codebase.

  2. Integrate if Intended:
    If the function was intended to update claim timestamps (for example, to enforce cooldown periods between claims or for audit purposes), update the relevant functions (such as claimRewards) to call _updateLastClaimTime(user) appropriately.
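A heuristic check for the two observations in this finding (an internal function with no call site, and a mapping that is written but never read), added here as an example; it is not part of the original submission or the project's code. The excerpt `FeeCollectorSample`, the body of `claimRewards`, and the names `_pendingFor` and `pending` are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the finding; NOT the real FeeCollector source.
SAMPLE = """
contract FeeCollectorSample {
    mapping(address => uint256) lastClaimTime;
    mapping(address => uint256) pending;
    function claimRewards(address user) external returns (uint256 amount) {
        amount = _pendingFor(user);
        pending[user] = 0;
    }
    function _pendingFor(address user) internal view returns (uint256) {
        return pending[user];
    }
    // _updateLastClaimTime(user) should run on every claim
    function _updateLastClaimTime(address user) internal {
        lastClaimTime[user] = block.timestamp;
    }
}
"""

def strip_comments(src):
    # Comments can mention a function without calling it, so drop them first.
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def unused_internal_functions(src):
    # internal/private functions whose name is followed by "(" only in their
    # own definition. Heuristic: misses callers in inheriting contracts elsewhere.
    code = strip_comments(src)
    unused = []
    for name, attrs in re.findall(r"\bfunction\s+(\w+)\s*\([^)]*\)([^{;]*)", code):
        internal = re.search(r"\b(internal|private)\b", attrs)
        refs = len(re.findall(rf"\b{name}\s*\(", code))
        defs = len(re.findall(rf"\bfunction\s+{name}\s*\(", code))
        if internal and refs == defs:
            unused.append(name)
    return unused

def write_only_mappings(src):
    # Mappings whose every indexed use is a plain assignment (never read).
    code = strip_comments(src)
    names = re.findall(r"\bmapping\s*\([^;]*\)[\w\s]*?(\w+)\s*;", code)
    def uses(n):
        return re.findall(rf"\b{n}\s*\[[^\]]*\]\s*(=(?!=))?", code)
    return [n for n in names if uses(n) and all(uses(n))]

if __name__ == "__main__":
    print(unused_internal_functions(SAMPLE), write_only_mappings(SAMPLE))
```

Adding a call to `_updateLastClaimTime(user)` inside `claimRewards` clears the first result, but `lastClaimTime` is still reported as never read, so a cooldown also needs a check against the stored timestamp.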

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

_updateLastClaimTime not properly used to track rewards claim time
