Normally, each registered user should be able to claim their pizza slice only once. After claiming, their slice entry is removed from the table, preventing further claims.
However, because the slice assignment (get_random_slice) can be called again on an already-claimed address, the user’s entry is reinserted into the table. This allows malicious users (or mistakes by the owner) to give the same account multiple slices, breaking the “one slice per person” rule.
Likelihood:
This occurs whenever the same user is re-registered after claiming. Because get_random_slice is an entry function, any user may call it directly themselves, bypassing owner control.
Impact:
A malicious user can claim multiple slices of APT, draining the pool.
The “one slice per person” fairness guarantee is broken.
A user can re-register after claiming to bypass the “one slice per person” rule and drain multiple rewards from the pool.
Restrict slice assignment to the contract owner (do not expose get_random_slice as a public entry function that any account can call) and enforce a check that rejects re-registration of an address that has already claimed.
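The following Aptos Move module is an added illustration of the recommended fix; it is not the audited project's code, and every identifier in it (the module name pizza_addr::pizza_pool, the PizzaPool resource, assign_slice, claim_slice, fund) is an assumption. assign_slice plays the role the page describes for get_random_slice, but takes the slice amount as a parameter rather than drawing it randomly, since randomness is not the point here. Two things differ from the vulnerable pattern: assignment is gated on the owner's signer, and a separate claimed table records each address permanently at claim time, so an address can never be reinserted into the slices table once it has been paid out.

```move
// Added example (not the audited project's code). Module address, struct and
// function names are assumptions chosen for illustration.
module pizza_addr::pizza_pool {
    use std::signer;
    use aptos_std::table::{Self, Table};
    use aptos_framework::coin::{Self, Coin};
    use aptos_framework::aptos_coin::AptosCoin;

    const E_NOT_OWNER: u64 = 1;
    const E_ALREADY_REGISTERED: u64 = 2;
    const E_ALREADY_CLAIMED: u64 = 3;
    const E_NOT_REGISTERED: u64 = 4;

    struct PizzaPool has key {
        owner: address,
        // APT held by the pool and paid out to claimants.
        coins: Coin<AptosCoin>,
        // user -> slice size in octas; an entry exists only while unclaimed.
        slices: Table<address, u64>,
        // Set once at claim time and never removed: this is what blocks
        // re-registration of an address that has already been paid.
        claimed: Table<address, bool>,
    }

    public entry fun init(owner: &signer) {
        move_to(owner, PizzaPool {
            owner: signer::address_of(owner),
            coins: coin::zero<AptosCoin>(),
            slices: table::new(),
            claimed: table::new(),
        });
    }

    // Owner tops up the pool from their own balance.
    public entry fun fund(owner: &signer, amount: u64) acquires PizzaPool {
        let pool = borrow_global_mut<PizzaPool>(@pizza_addr);
        assert!(signer::address_of(owner) == pool.owner, E_NOT_OWNER);
        coin::merge(&mut pool.coins, coin::withdraw<AptosCoin>(owner, amount));
    }

    // Hardened assignment: only the owner's signer is accepted, so an
    // arbitrary user cannot register themselves, and an address that has
    // already claimed (or is already registered) is rejected outright.
    public entry fun assign_slice(owner: &signer, user: address, amount: u64)
        acquires PizzaPool
    {
        let pool = borrow_global_mut<PizzaPool>(@pizza_addr);
        assert!(signer::address_of(owner) == pool.owner, E_NOT_OWNER);
        assert!(!table::contains(&pool.claimed, user), E_ALREADY_CLAIMED);
        assert!(!table::contains(&pool.slices, user), E_ALREADY_REGISTERED);
        table::add(&mut pool.slices, user, amount);
    }

    // Claiming removes the slice entry (as before) and additionally records
    // the address in `claimed`, which assign_slice checks forever after.
    public entry fun claim_slice(user: &signer) acquires PizzaPool {
        let addr = signer::address_of(user);
        let pool = borrow_global_mut<PizzaPool>(@pizza_addr);
        assert!(table::contains(&pool.slices, addr), E_NOT_REGISTERED);
        let amount = table::remove(&mut pool.slices, addr);
        table::add(&mut pool.claimed, addr, true);
        let payout = coin::extract(&mut pool.coins, amount);
        coin::deposit(addr, payout);
    }

    #[view]
    public fun has_claimed(user: address): bool acquires PizzaPool {
        table::contains(&borrow_global<PizzaPool>(@pizza_addr).claimed, user)
    }
}
```

The ordering in claim_slice matters: the claimed record is written in the same transaction that removes the slice and pays out, so there is no window in which the address is absent from both tables and could be re-assigned. Keeping the claimed table append-only also gives reviewers a simple invariant to check: an address may appear in slices or in claimed, never in both, and never in slices after it has appeared in claimed.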