The design of the claim function allows third parties to submit claims on behalf of any user. Although the tokens are still transferred to the intended recipient, the recipient has no control over when (or whether) the claim is executed, which can lead to unexpected transaction activity and operational issues.
Location: claim function
Issue: Accepting a user parameter lets anyone trigger a claim for any address, provided they supply a valid proof for that address.
Risk: This may be exploited to spam or front-run claims (for example, by replaying a proof observed in the mempool ahead of the holder's own transaction), increasing gas costs or causing confusion for token holders.
Could lead to a degraded user experience due to unnecessary or repeated claim transactions.
May result in increased network congestion or higher transaction fees for affected users.
Code review
Manual static analysis
Evaluate whether claim submissions should be restricted to the token holder (using msg.sender as the claimant) rather than allowing third-party initiation.
If the open design is intentional, document the behavior clearly so that users and integrators are aware of the implications.
Consider implementing notification mechanisms to alert users when a claim is executed on their behalf.
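As an added before-and-after illustration (this is not the project's code under review; the contract names, the Merkle leaf format, the amount parameter, the claimed mapping and the Claimed event are assumptions made for the example), the open design is shown beside the msg.sender-restricted one recommended above:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this finding, not the audited project's code.
// Assumptions: a Merkle-proof airdrop whose leaf is keccak256(abi.encodePacked(user, amount));
// the contract names, merkleRoot, claimed, token and the amount parameter are invented here.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

library MerkleCheck {
    // Sorted-pair Merkle verification (the same scheme OpenZeppelin's MerkleProof uses).
    function verify(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
        bytes32 node = leaf;
        for (uint256 i = 0; i < proof.length; i++) {
            bytes32 sibling = proof[i];
            node = node < sibling
                ? keccak256(abi.encodePacked(node, sibling))
                : keccak256(abi.encodePacked(sibling, node));
        }
        return node == root;
    }
}

// BEFORE: the pattern the finding describes. `user` is a caller-supplied parameter, so
// anyone who holds (or copies from the mempool) a valid proof can trigger the claim for
// that address at a time of their choosing.
contract AirdropOpenClaim {
    IERC20 public immutable token;
    bytes32 public immutable merkleRoot;
    mapping(address => bool) public claimed;

    event Claimed(address indexed user, uint256 amount, address indexed caller);

    constructor(IERC20 token_, bytes32 merkleRoot_) {
        token = token_;
        merkleRoot = merkleRoot_;
    }

    function claim(address user, uint256 amount, bytes32[] calldata proof) external {
        require(!claimed[user], "already claimed");
        bytes32 leaf = keccak256(abi.encodePacked(user, amount));
        require(MerkleCheck.verify(proof, merkleRoot, leaf), "invalid proof");
        claimed[user] = true;
        // Tokens still reach `user`, but `user` did not choose the timing, and a claim
        // transaction `user` sent in the same block now reverts and wastes its gas.
        emit Claimed(user, amount, msg.sender);
        require(token.transfer(user, amount), "transfer failed");
    }
}

// AFTER: the recommended shape. The claimant is msg.sender, so a proof is only usable
// by the address it was issued to; a copied proof fails verification because the leaf
// is rebuilt from the caller's own address.
contract AirdropSelfClaim {
    IERC20 public immutable token;
    bytes32 public immutable merkleRoot;
    mapping(address => bool) public claimed;

    // Emitted on every payout so off-chain indexers can notify the holder.
    event Claimed(address indexed user, uint256 amount);

    constructor(IERC20 token_, bytes32 merkleRoot_) {
        token = token_;
        merkleRoot = merkleRoot_;
    }

    function claim(uint256 amount, bytes32[] calldata proof) external {
        address user = msg.sender;
        require(!claimed[user], "already claimed");
        bytes32 leaf = keccak256(abi.encodePacked(user, amount));
        require(MerkleCheck.verify(proof, merkleRoot, leaf), "invalid proof");
        claimed[user] = true;
        emit Claimed(user, amount);
        require(token.transfer(user, amount), "transfer failed");
    }
}
```

Two points worth checking when reviewing the real contract against this shape: a claimed flag prevents a double payout but does nothing about who controls the timing, so it is not by itself a fix for this finding; and if the open design is kept on purpose (for example to allow sponsored claims), the event should at least record the caller, as in AirdropOpenClaim, so that a holder can see that someone else executed the claim.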