AI Arena - Avci's results

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/MergingPool.sol#L139-L167

Vulnerability details

Vulnerability Details

in the MergingPool.sol contract, the claimRewards() function Allows the user to batch claim rewards for multiple rounds. the issue is if some users don't claim their rewards for some time like a couple of months and roundId increased, users cant claim their rewards because if the user calls the claimRewards() function after a couple of months, will get out of gas error because roundId is increased and function cant handle loop operation.

Impact

Users are unable to claim their rewards after some time gap.

Proof of Concept

function claimRewards(
        string[] calldata modelURIs, 
        string[] calldata modelTypes,
        uint256[2][] calldata customAttributes
    ) 
        external 
    {
        uint256 winnersLength;
        uint32 claimIndex = 0;
        uint32 lowerBound = numRoundsClaimed[msg.sender];
        for (uint32 currentRound = lowerBound; currentRound < roundId; currentRound++) {
            numRoundsClaimed[msg.sender] += 1;
            winnersLength = winnerAddresses[currentRound].length;
            for (uint32 j = 0; j < winnersLength; j++) {
                if (msg.sender == winnerAddresses[currentRound][j]) {
                    _fighterFarmInstance.mintFromMergingPool(
                        msg.sender,
                        modelURIs[claimIndex],
                        modelTypes[claimIndex],
                        customAttributes[claimIndex]
                    );
                    claimIndex += 1;
                }
            }
        }
        if (claimIndex > 0) {
            emit Claimed(msg.sender, claimIndex);
        }
    }

Tools Used

VSCODE

Recommended Mitigation Steps

implement claim for everyone function or implement bot for claim user rewards after some time gap.

Assessed type

Other