- `claimAttackerBounty()` has no delay or grace period between the moment `flagOutcome` flags a good-faith CORRUPTED outcome and the named attacker's eligibility to claim. - The named attacker can call `claimAttackerBounty()` in the very next transaction after the flag lands, draining the entire snapshot (stake + bonus) immediately.
Likelihood:
A moderator flagging good-faith CORRUPTED must supply an attacker address by hand; address typos/copy-paste errors are a common, realistic class of on-chain mistake.
OutcomeFlagged is a public event, so any party is capable of monitoring for a flag and reacting instantly if the named address is claimable by them.
Impact:
The entire pool (stakers' principal + bonus, not just the attacker's fair bounty) can be drained in the transaction immediately following the flag.
Because claimAttackerBounty sets claimsStarted = true on any nonzero payout, flagOutcome's re-flag guard permanently blocks any moderator correction from that point on — there is no recovery path once a single claim has landed.
This test stakes 100 ETH (alice) and 50 ETH (bob), contributes 30 ETH bonus (carol), then transitions the registry through UNDER_ATTACK to CORRUPTED. The moderator flags good-faith CORRUPTED naming attacker with zero elapsed time and no grace period. attacker immediately calls claimAttackerBounty() in the very next call and receives the full 180 ETH pool (100 + 50 stake + 30 bonus). The final assertion confirms the moderator can no longer correct this via a re-flag to SURVIVED, since claimsStarted is already true.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.