PoolTogether - 0xkeesmark's results

General Information

Platform: Code4rena

Start Date: 04/03/2024

Pot Size: $36,500 USDC

Total HM: 9

Participants: 80

Period: 7 days

Judge: hansfriese

Total Solo HM: 2

Id: 332

League: ETH

Researcher Performance

Rank: 79/80

Findings: 1

Award: $1.47

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

1.4652 USDC - $1.47

Labels

bug
3 (High Risk)
satisfactory
sufficient quality report
:robot:_10_group
duplicate-59

External Links

Lines of code

https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L617

Vulnerability details

Summary

The claimYieldFeeShares function in the PrizeVault contract incorrectly reduces the yieldFeeBalance, leading to potential discrepancies in fee distribution.

Vulnerability Details

In the PrizeVault contract, the claimYieldFeeShares function is intended to reduce the yieldFeeBalance by the amount of yield fee shares being claimed. However, due to a typo, it incorrectly reduces the yieldFeeBalance by _yieldFeeBalance instead of _shares.

The affected line of code is as follows:

yieldFeeBalance -= _yieldFeeBalance; // Incorrect

The correct implementation should be:

yieldFeeBalance -= _shares; // Correct

https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L617

Impact

The incorrect reduction of yieldFeeBalance can lead to an inaccurate accounting of yield fees within the contract. This discrepancy can result in unfair distribution of yield fees among participants, potentially disadvantaging some users while unfairly benefiting others. Over time, this could undermine trust in the platform and affect the overall integrity and fairness of fee distribution.

Tools Used

Manual review

Recommendations

To resolve this issue, the following code change is recommended:

- yieldFeeBalance -= _yieldFeeBalance;
+ yieldFeeBalance -= _shares;
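
Review bot: the operand removed on the `-` line differs from the variable being decremented only by a leading underscore, so the same slip is easy to reintroduce and hard to spot in review. Alongside the `+` line, consider giving that value a more distinct name (for instance a hypothetical cachedYieldFeeBalance) and adding a regression test that claims fewer shares than the accrued balance and asserts that yieldFeeBalance drops by exactly _shares.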

Assessed type

Math
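
The accounting error described in this finding, as an added Python model (not the PrizeVault Solidity and not part of the submission): it replays a sequence of claims against the reported line and the recommended line and checks that each claim lowers the recorded balance by exactly the shares minted. The class and function names, the reading of _yieldFeeBalance as a cached copy of the storage value, the over-claim guard and the 100-share scenario are assumptions constructed for illustration.

```python
from dataclasses import dataclass


class SharesExceedBalance(Exception):
    """Stand-in for a revert on over-claiming (assumed guard, not shown on the page)."""


@dataclass
class FeeLedger:
    yield_fee_balance: int   # models the yieldFeeBalance storage variable
    minted: int = 0          # shares minted to the fee recipient so far
    fixed: bool = False      # False: line as reported; True: recommended line

    def claim_yield_fee_shares(self, shares: int) -> None:
        cached = self.yield_fee_balance        # assumed: _yieldFeeBalance is a cached copy
        if shares > cached:
            raise SharesExceedBalance(shares, cached)
        if self.fixed:
            self.yield_fee_balance -= shares   # yieldFeeBalance -= _shares
        else:
            self.yield_fee_balance -= cached   # yieldFeeBalance -= _yieldFeeBalance
        self.minted += shares


def first_violation(ledger, claims):
    """Replay claims; return (claim index, shares written off without being minted)
    for the first claim whose balance decrease differs from the shares minted,
    or None when every claim keeps the books balanced."""
    for i, shares in enumerate(claims):
        before = ledger.yield_fee_balance
        try:
            ledger.claim_yield_fee_shares(shares)
        except SharesExceedBalance:
            continue                           # a reverted claim changes nothing
        decrease = before - ledger.yield_fee_balance
        if decrease != shares:
            return i, decrease - shares
    return None


CLAIMS = [10, 30, 60]   # constructed scenario: 100 accrued shares claimed in parts

if __name__ == "__main__":
    for fixed in (False, True):
        ledger = FeeLedger(yield_fee_balance=100, fixed=fixed)
        print("recommended" if fixed else "reported", first_violation(ledger, CLAIMS),
              "minted:", ledger.minted, "left:", ledger.yield_fee_balance)
```

A single claim for the full balance passes the check on both variants, so a regression test needs a partial claim to catch the reported line.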

#0 - c4-pre-sort

2024-03-11T21:51:20Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2024-03-11T21:51:26Z

raymondfam marked the issue as duplicate of #10

#2 - c4-pre-sort

2024-03-13T04:38:23Z

raymondfam marked the issue as duplicate of #59

#3 - c4-judge

2024-03-15T07:39:09Z

hansfriese marked the issue as satisfactory
