`_updateLastClaimTime` internal function is never called in `claimRewards` function in FeeCollector contract, not updating `lastClaimTime` storage mapping as it should.
Summary
FeeCollector contract defines a lastClaimed storage mapping that maps users and timestamp of the last reward claim.
A dedicated _updateLastClaimTime internal function is defined but never used:
The problem arises because claimRewards function doesn't call this function while it should. This means lastClaimeTime mapping is never updated during claims.
Also, lastClaimTime is private, used nowhere else and there is no getter for it, which means it is basically useless with the current design.
Vulnerability Details
Omission to call an internal function in the claimRewards function that updates a storage mapping tracking the last claim time for users.
Impact
The impact of this issue is low.
Tools Used
Manual review.
Recommendations
Make sure to call _updateLastClaimTime in claimRewards and make lastClaimTime public.
Lead Judging Commences
_updateLastClaimTime not properly used to track rewards claim time
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.