Submission Details
Severity:
Incorrect assginment of userRewards in FeeCollector::claimRewards() after claiming rewards
Summary
Incorrect assginment of userRewards[user] in FeeCollector::claimRewards() after claiming rewards
Vulnerability Details
FeeCollector::claimRewards() if used for user to claim reward fee from feeCollector contract. state varible userRewards[user] stores each user's updated reward share. However it is incorrectly assigned as totalDistributed:
function claimRewards(address user) external override nonReentrant whenNotPaused returns (uint256) {
if (user == address(0)) revert InvalidAddress();
uint256 pendingReward = _calculatePendingRewards(user);
if (pendingReward == 0) revert InsufficientBalance();
// Reset user rewards before transfer
userRewards[user] = totalDistributed; //@audit
// Transfer rewards
raacToken.safeTransfer(user, pendingReward);
emit RewardClaimed(user, pendingReward);
return pendingReward;
}
Impact
user may not be able to claim rewards because of the incorrect assignment
Tools Used
manual
Recommendations
consider change the userRewards[user] to updated share.
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
FeeCollector::claimRewards sets `userRewards[user]` to `totalDistributed` seriously grieving users from rewards
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.