Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Reward Reclaim Bug in claimRewards()

Summary

The claimRewards() function allows users to repeatedly claim the same rewards within the same period due to a missing update to their last claim timestamp or reward balance. This enables them to drain the reward pool unfairly.

Vulnerability Details

  • The function claimRewards() calls _calculatePendingRewards() to determine the rewards owed to a user.

  • However, after transferring the rewards, the contract does not update the user's last claim time or reduce the pending rewards.

  • This allows a user to call claimRewards() multiple times within the same period and receive the same rewards repeatedly.

Impact

Users can repeatedly claim rewards, leading to an unfair distribution and rapid depletion of the reward pool.

Tools Used

Manual code review

Recommendations

Update last claim timestamp after rewards are transferred.
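
The missing-checkpoint pattern this submission describes, written as a generic JavaScript model of the kind that could back an invariant test. It is an added example, not the audited contract's code; `RewardPool`, `RATE_PER_SECOND`, the amounts and the timestamps are constructed assumptions.

```javascript
// Constructed model of time-based reward accounting (hypothetical names and rates).
// Amounts are BigInt to mirror integer token math.
const RATE_PER_SECOND = 10n; // assumed reward units accrued per staked second

class RewardPool {
  constructor(poolBalance, checkpointOnClaim) {
    this.poolBalance = poolBalance;             // rewards available to pay out
    this.checkpointOnClaim = checkpointOnClaim; // false models the missing state update
    this.lastClaim = new Map();                 // user -> timestamp of last checkpoint
    this.paid = new Map();                      // user -> total paid out
  }

  stake(user, now) {
    this.lastClaim.set(user, now);
  }

  // Rewards accrued since the user's last checkpoint.
  pendingRewards(user, now) {
    const since = this.lastClaim.get(user);
    if (since === undefined || now <= since) return 0n;
    return BigInt(now - since) * RATE_PER_SECOND;
  }

  claimRewards(user, now) {
    let amount = this.pendingRewards(user, now);
    if (amount > this.poolBalance) amount = this.poolBalance; // cannot pay more than the pool holds
    if (amount === 0n) return 0n;
    // Effect before interaction: move the checkpoint before any payout.
    if (this.checkpointOnClaim) this.lastClaim.set(user, now);
    this.poolBalance -= amount;
    this.paid.set(user, (this.paid.get(user) ?? 0n) + amount);
    return amount;
  }
}

// Invariant to check: total paid to a user never exceeds what accrued.
function simulateRepeatedClaims(checkpointOnClaim, calls) {
  const pool = new RewardPool(10_000n, checkpointOnClaim);
  pool.stake("alice", 1_000);
  const now = 1_100; // 100 seconds later, so 1,000 units have accrued
  const accrued = pool.pendingRewards("alice", now);
  for (let i = 0; i < calls; i++) pool.claimRewards("alice", now);
  return { accrued, paid: pool.paid.get("alice") ?? 0n, left: pool.poolBalance };
}
```

Running the same invariant against a real contract in a test suite is a quick way to confirm or refute a report of this kind before submitting it.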

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
