Root + Impact

If the intended behavior is to reward users with 1 full token per claim period, the current implementation under-rewards users by a factor of 10^18, effectively making the reward negligible.

If the reward is intentionally meant to be minimal, the absence of clarification or explicit usage of PRECISION reduces code readability and may cause misinterpretation by integrators or auditors.

Description

• The protocol defines a PRECISION constant equal to 10 ** 18, indicating that the ERC20 token uses 18 decimal places. However, in the earnSnow() function, the contract mints a fixed amount of 1 token unit:

  uint256 constant PRECISION = 10 ** 18;
  
  

  Given the token’s 18-decimal configuration, minting 1 results in issuing 1 wei of the token, rather than 1 full token (1 * 10^18 units). Additionally, the declared PRECISION constant is not utilized within the reward logic, which may indicate a mismatch between the intended and implemented reward amount.

Risk

Likelihood:

• Likelihood is (High) When user calls earnSnow function with intention of claiming 1 Snow per week rewards.

• The function mints only 1 wei token instead of one full token.

Impact:

• While this issue does not introduce a direct exploit or lead to loss of protocol funds, but it may break the intended incentive or reward mechanism

  
  

• Lead to user confusion or dissatisfaction and undermine the economic design of the protocol

Proof of Concept

1. User calls earnSnow().

2. earnSnow() mints 1 wei token to user.

Recommended Mitigation

If the intention is to mint 1 full token, update the mint logic to use the defined precision