Submission Details
Impact:
Likelihood:
### [L-1] `Snow::earnSnow` uses a rolling cooldown instead of an epoch-based weekly window
Description: The cooldown check block.timestamp < (s_earnTimer + 1 weeks) starts a fresh 7-day wait from the moment of each claim. A user who claims on the last second of a calendar week must wait a full additional 7 days, while a user who claimed at the start of that week can claim again 7 days later.
Impact: Users who claim late in any week are penalized relative to early claimers, creating an unfair advantage for front-runners.
Recommended Mitigation: Use epoch-based accounting so every user gets one claim per calendar week.
- uint256 private s_earnTimer;
+ mapping(address => uint256) private s_lastClaimEpoch;
function earnSnow() external canFarmSnow {
- if (s_earnTimer != 0 && block.timestamp < (s_earnTimer + 1 weeks)) {
- revert S__Timer();
- }
+ uint256 currentEpoch = block.timestamp / 1 weeks;
+ if (s_lastClaimEpoch[msg.sender] >= currentEpoch) revert S__Timer();
+ s_lastClaimEpoch[msg.sender] = currentEpoch;
_mint(msg.sender, 1);
- s_earnTimer = block.timestamp;
}
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.