Submission Details
Impact:
Likelihood:
Reward Sum Validation Missing Allows Funding Mismatches
Root + Impact
Description
The createContest() function doesn't validate that the sum of individual rewards in the rewards array equals the totalRewards parameter. This can lead to either overfunding (wasted tokens) or underfunding (failed claims) of the Pot contract.
function createContest(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards)
public
onlyOwner
returns (address)
{
// No validation that sum(rewards) == totalRewards
Pot pot = new Pot(players, rewards, token, totalRewards);
// ...
}
Risk
Impact:
If
sum(rewards) > totalRewards: Some players cannot claim their full rewards.If
sum(rewards) < totalRewards: Excess tokens remain stuck in the contract or give the manager more than intended during closure.
Proof of Concept
// rewards = [100, 200, 300] // sum = 600
// totalRewards = 500
// Fund with 500 tokens
// Third player cannot claim their full 300 tokens
// Or if totalRewards = 700, 100 extra tokens stuck
Recommended Mitigation
function createContest(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards)
public
onlyOwner
returns (address)
{
uint256 sum = 0;
for (uint256 i = 0; i < rewards.length; i++) {
sum += rewards[i];
}
require(sum == totalRewards, "Rewards sum mismatch");
Pot pot = new Pot(players, rewards, token, totalRewards);
// ...
}
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.