MyCut
AI First Flight #8
Beginner FriendlyFoundry
EXP
View results
Previous Next
Submission Details
Impact: medium
Likelihood: low
Invalid

Player length and reward length can be unequal

lemrabetmoctar1

Missign check on lenght of player and rewards, The whole reward system will break

Description

  • The totale rewards should equal the totale player so everyone gets his reward

  • Their is no check if teh player length = reward leght if they are not equal that willl break the system of reward destrebution

function createContest(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards)
public
onlyOwner
returns (address)
{
// Create a new Pot contract
//@> Pot pot = new Pot(players, rewards, token, totalRewards); @audit-issue: their is no check if the length of teh players and the rewards are equals
contests.push(address(pot));
contestToTotalRewards[address(pot)] = totalRewards;
return address(pot);
}

Risk

Likelihood:

  • Everytime the owner try to create a new contest if he set the reward not equal to the player length

Impact:

  • If the rewards are less that player some of player will gets 0

  • if it's more the players get somethign they not deserve

Proof of Concept

here is the steps adn the senario that can exploit this bug

1- user call claimcut
2-if the rewards > player lenght he gets more
3- if it's < player get 0

Recommended Mitigation

Should add requirment that player length should = rewards length

+ require (palyer.length == rewrads.length, "The rewards not match the player lengt")
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 5 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!