Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Update last claim is never updated in fee collector

vs_

Summary

Update last claim is never updated in fee collector due to which there is no minimum time required for two successive claiming of rewards.

Vulnerability Details

Following is last claim time mapping

mapping(address => uint256) private lastClaimTime;

This is essentially needed to be used as to prevent consective claiming of rewards from the user. But currently it is not implemented anywhere in the code.
Plus there is update last claim time function which updates this mapping for the user but that function is not called anywhere in the contract. Ideally last claim time should have been called when user claims rewards but currently is not done.

function _updateLastClaimTime(address user) internal {
lastClaimTime[user] = block.timestamp;
}

Impact

Not time gap between claiming of rewards

Tools Used

Recommendations

Call this function in claim rewards function

function claimRewards(address user) external override nonReentrant whenNotPaused returns (uint256) {
if (user == address(0)) revert InvalidAddress();
uint256 pendingReward = _calculatePendingRewards(user);
if (pendingReward == 0) revert InsufficientBalance();
// Reset user rewards before transfer
userRewards[user] = totalDistributed;
// Transfer rewards
raacToken.safeTransfer(user, pendingReward);
===>>> _updateLastClaimTime(address user);
emit RewardClaimed(user, pendingReward);
return pendingReward;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

_updateLastClaimTime not properly used to track rewards claim time

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.