Submission Details
Impact:
Likelihood:
[H] Owner can close pot and take fund many times
[H] Owner can close pot and take fund many times
Description
remainingRewardsis not updated withinclosePot, owner can close pot and take fund many times.
function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
@> if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
i_token.transfer(msg.sender, managerCut);
uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
}
Risk
Likelihood: Medium
If there's still funds in the pot, owner can call close pot many times to repeatedly drain the funds.
Impact: High
This will break protocol's purpose!
Proof of Concept
Recommended Mitigation
Add flag to record if a pot has closed and do check within closePot function:
+ bool public isClosed;
...
function closePot() external onlyOwner {
+ if (isClosed) {
+ revert Pot__ClosedForClaim();
+ }
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
+ isClosed = true;
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
i_token.transfer(msg.sender, managerCut);
uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
}
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.