The constructor does not validate that the `players` and `rewards` arrays have the same length. This can result in rewards being assigned to incorrect players or some players not receiving any reward at all, breaking the integrity of the reward distribution logic.
Proof of Concept
This Proof of Concept demonstrates that the contract allows the creation of a Pot where the `players` and `rewards` arrays have different lengths.
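```solidity
function test_PoC_ArrayLengthMismatch() public {
    // Two players but only one reward entry
    address[] memory players = new address[](2);
    players[0] = address(0x1);
    players[1] = address(0x2);
    uint256[] memory rewards = new uint256[](1);
    rewards[0] = 1 ether;
    // ❌ Should revert, but does not
    // `token` is the test contract's token fixture
    Pot pot = new Pot(players, rewards, token, 1 ether);
    // Player[1] gets no reward assigned
    assertEq(pot.checkCut(players[1]), 0);
}
```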
Recommended Mitigation
To prevent incorrect reward assignment, the constructor should enforce that the players and rewards arrays have the same length. Without this validation, rewards may be assigned inconsistently or omitted entirely, leading to broken distribution logic and potential loss or locking of funds. Adding a strict length check ensures a correct one-to-one mapping between players and their respective rewards at deployment.
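One way to enforce the check described above, shown as an added example rather than the audited project's own code. The contract name `PotLengthChecked`, the custom error, the `IERC20Minimal` interface and the storage variable names are assumptions; only the constructor argument order and `checkCut` are taken from the Proof of Concept.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal token interface so the example compiles on its own.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical hardened variant; storage layout is assumed, not the project's.
contract PotLengthChecked {
    // Carries both lengths so a failed deployment is easy to diagnose.
    error Pot__ArrayLengthMismatch(uint256 playersLength, uint256 rewardsLength);

    IERC20Minimal private immutable i_token;
    uint256 private immutable i_totalRewards;
    mapping(address => uint256) private playersToRewards;

    constructor(
        address[] memory players,
        uint256[] memory rewards,
        IERC20Minimal token,
        uint256 totalRewards
    ) {
        // Reject mismatched inputs before any state is written, so every
        // player index is guaranteed to have a corresponding reward entry.
        if (players.length != rewards.length) {
            revert Pot__ArrayLengthMismatch(players.length, rewards.length);
        }

        i_token = token;
        i_totalRewards = totalRewards;

        // One-to-one mapping: players[i] receives rewards[i].
        for (uint256 i = 0; i < players.length; i++) {
            playersToRewards[players[i]] = rewards[i];
        }
    }

    // Returns the reward assigned to `player` (0 if none was assigned).
    function checkCut(address player) external view returns (uint256) {
        return playersToRewards[player];
    }
}
```

With this check in place, the deployment in the Proof of Concept (two players, one reward) reverts with `Pot__ArrayLengthMismatch(2, 1)`.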