BriVault

First Flight #52

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

totalWinnerShares Double Counted if User Joined Multiple Times

stevenalenga

Risk

Likelihood

Users joining multiple times before winner is set.

Impact

Inflated totalWinnerShares, leading to reduced withdrawal amounts for all winners.

Reference Files

src/briVault.sol

Description

Normally, each participant should be counted once in calculating winner shares to ensure fair proportional payouts.
The problem is that usersAddress can have duplicates if users join multiple times, causing shares to be summed multiple times in _getWinnerShares, inflating totalWinnerShares and reducing individual payouts.

for (uint256 i = 0; i < usersAddress.length; ++i){

address user = usersAddress[i];

totalWinnerShares += userSharesToCountry[user][winnerCountryId]; // @> Sums for duplicates

}

Proof of Concept

User1 joins twice, leading to double-counting of shares when winner is set.

function testDoubleCountingWinnerShares() public {

vm.startPrank(owner);

briVault.setCountry(countries);

vm.stopPrank();

vm.startPrank(user1);

mockToken.approve(address(briVault), 5 ether);

briVault.deposit(5 ether, user1);

briVault.joinEvent(1); // Joins country 1

briVault.joinEvent(2); // Joins country 2, user1 in usersAddress twice

vm.stopPrank();

vm.warp(eventEndDate + 1);

vm.startPrank(owner);

briVault.setWinner(2); // Winner country 2, totalWinnerShares counts user1's shares twice

vm.stopPrank();

// totalWinnerShares = 10 instead of 5, reducing payouts

}

Recommended Mitigation

Ensure unique participants in usersAddress.

+ mapping(address => bool) public isParticipant;

+ // In joinEvent, instead of usersAddress.push(msg.sender);

+ if (!isParticipant[msg.sender]) {

+ usersAddress.push(msg.sender);

+ isParticipant[msg.sender] = true;

+ }

Updates

Appeal created

bube Lead Judge 16 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Duplicate registration through `joinEvent`

Rewards breakdown

nSLOC

193

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!