When freeBalance == 0, payout evaluates to 0. The function correctly skips the transfer and leaves claimsStarted untouched, but it still writes bountyClaimed with its unchanged value and unconditionally emits AttackerBountyClaimed(attacker, 0, ...) — a call that moved nothing succeeds silently rather than reverting.
Likelihood:
Occurs whenever the pool balance is temporarily zero when the named attacker calls this function, reachable naturally after a prior partial claim drains the balance.
Impact:
No funds move and no invariant breaks — claimsStarted is confirmed to stay false. Impact is limited to misleading off-chain indexers and a wasted storage write per call.
The PoC forces the pool balance to zero after a good-faith CORRUPTED flag, then calls claimAttackerBounty() and confirms the event fires with amount == 0 despite no revert, bountyClaimed staying at its prior value, and claimsStarted remaining false — ruling out any escalation beyond log/gas noise.
Revert early on a zero payout using the existing NothingToSweep error, removing the wasted write and misleading emission while leaving every genuine-payout path unchanged.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.