MyCut
AI First Flight #8
Beginner FriendlyFoundry
EXP
View results
Previous Next
Submission Details
Impact: high
Likelihood: high
Invalid

Critical Division Error Causes Manager to Receive 10x Intended Rewards

paktiko

Root + Impact

Description

In the closePot() function, the manager cut calculation incorrectly divides remainingRewards by managerCutPercent (10) instead of multiplying by 10 and dividing by 100. This results in the manager receiving 10% of remaining rewards (remainingRewards/10) which is actually 10 times more than the intended 1% (10% of 10%). For example, if 1000 tokens remain, the manager receives 100 tokens (10%) instead of 10 tokens (1%).

function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent; // BUG: Should be (remainingRewards * managerCutPercent) / 100
i_token.transfer(msg.sender, managerCut);
// ...
}
}

Risk

Impact:

The manager (ContestManager owner) receives 10 times more rewards than intended from unclaimed funds, significantly reducing the amount available for redistribution to legitimate claimants. This could drain a substantial portion of the pot unfairly.

Proof of Concept

// Assume 1000 tokens remain unclaimed after 90 days
// managerCutPercent = 10
// Current calculation: 1000 / 10 = 100 tokens (10% of pot)
// Intended calculation: (1000 * 10) / 100 = 10 tokens (1% of pot)
// Manager receives 90 extra tokens than intended

Recommended Mitigation

function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
uint256 managerCut = (remainingRewards * managerCutPercent) / 100; // Fixed: Proper percentage calculation
i_token.transfer(msg.sender, managerCut);
// ...
}
}
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!