Platform: Code4rena
Start Date: 09/02/2024
Pot Size: $60,500 USDC
Total HM: 17
Participants: 283
Period: 12 days
Judge:
Id: 328
League: ETH
Rank: 254/283
Findings: 1
Award: $0.23
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ahmedaghadi
Also found by: 0x13, 0xAleko, 0xDetermination, 0xKowalski, 0xPluto, 0xRiO, 0xvj, AlexCzm, Avci, BARW, BigVeezus, Cryptor, DeFiHackLabs, Draiakoo, Fitro, Giorgio, GoSlang, Greed, Honour, Kalogerone, KmanOfficial, Krace, McToady, MidgarAudits, MrPotatoMagic, Nyxaris, ReadyPlayer2, Ryonen, SovaSlava, SpicyMeatball, VAD37, _eperezok, alexzoid, almurhasan, btk, cu5t0mpeo, deadrxsezzz, djxploit, dvrkzy, emrekocak, erosjohn, evmboi32, fnanni, grearlake, inzinko, jesjupyter, jesusrod15, josephdara, ke1caM, klau5, ktg, ladboy233, merlinboii, nuthan2x, peanuts, pipidu83, pontifex, radev_sw, sl1, sobieski, soliditywala, t0x1c, taner2344, vnavascues, y4y, yovchev_yoan, zaevlad
0.2347 USDC - $0.23
Users may not be able to claim rewards
When a user becomes a winner in a certain round, he can call claimRewards to claim the rewarded fighter.

```solidity
function claimRewards(
    string[] calldata modelURIs,
    string[] calldata modelTypes,
    uint256[2][] calldata customAttributes
)
    external
{
    uint256 winnersLength;
    uint32 claimIndex = 0;
    uint32 lowerBound = numRoundsClaimed[msg.sender];
    for (uint32 currentRound = lowerBound; currentRound < roundId; currentRound++) {
        numRoundsClaimed[msg.sender] += 1;
        winnersLength = winnerAddresses[currentRound].length;
        for (uint32 j = 0; j < winnersLength; j++) {
            if (msg.sender == winnerAddresses[currentRound][j]) {
                _fighterFarmInstance.mintFromMergingPool(
                    msg.sender,
                    modelURIs[claimIndex],
                    modelTypes[claimIndex],
                    customAttributes[claimIndex]
                );
                claimIndex += 1;
            }
        }
    }
    if (claimIndex > 0) {
        emit Claimed(msg.sender, claimIndex);
    }
}
```
However, if the user does not receive the reward fighter for a long time, the user will lose all his reward fighters. This is because, when claiming rewards, the call chain mintFromMergingPool -> _createNewFighter will check whether the number of fighters owned by the user is greater than 10.

```solidity
uint8 public constant MAX_FIGHTERS_ALLOWED = 10;
...
function _createNewFighter(
    address to,
    uint256 dna,
    string memory modelHash,
    string memory modelType,
    uint8 fighterType,
    uint8 iconsType,
    uint256[2] memory customAttributes
)
    private
{
    require(balanceOf(to) < MAX_FIGHTERS_ALLOWED);
    ...
}
```

If it is greater than 10, the entire transaction will be reverted. As a result, users will not be able to receive the reward fighters.
Since the user will lose all rewards, the level is high.
Manual Review
Users should be allowed to set the number to receive, rather than receiving all fighters at once.
DoS
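One way to apply the recommendation above, as an added sketch that is not the project's code or its actual fix: a hypothetical `maxRounds` parameter bounds how many unclaimed rounds a single call processes, so a holder near the fighter cap can claim a few rounds, free slots, and claim again instead of having the whole backlog revert. The contract name, the `IFighterFarm` interface, the event signature and the constructor are assumptions built around the calls visible on the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Assumed interface, inferred from the call site in claimRewards on the page.
interface IFighterFarm {
    function mintFromMergingPool(address to, string calldata modelHash,
        string calldata modelType, uint256[2] calldata customAttributes) external;
}

// Minimal stand-in for the contract that holds claimRewards (hypothetical name).
contract MergingPoolSketch {
    IFighterFarm internal _fighterFarmInstance;
    uint256 public roundId;
    mapping(address => uint32) public numRoundsClaimed;
    mapping(uint256 => address[]) public winnerAddresses;

    event Claimed(address claimer, uint32 amount); // assumed signature

    constructor(address fighterFarm) {
        _fighterFarmInstance = IFighterFarm(fighterFarm);
    }

    /// @param maxRounds Hypothetical parameter: upper bound on the number of
    ///        unclaimed rounds processed in this call.
    function claimRewards(
        string[] calldata modelURIs,
        string[] calldata modelTypes,
        uint256[2][] calldata customAttributes,
        uint32 maxRounds
    ) external {
        uint32 claimIndex = 0;
        uint32 lowerBound = numRoundsClaimed[msg.sender];
        // Stop at lowerBound + maxRounds or at the current round, whichever is lower.
        uint256 upperBound = uint256(lowerBound) + maxRounds;
        if (upperBound > roundId) upperBound = roundId;
        for (uint32 currentRound = lowerBound; currentRound < upperBound; currentRound++) {
            // Only rounds processed here are marked claimed; later rounds stay claimable.
            numRoundsClaimed[msg.sender] += 1;
            address[] storage winners = winnerAddresses[currentRound];
            for (uint256 j = 0; j < winners.length; j++) {
                if (msg.sender == winners[j]) {
                    _fighterFarmInstance.mintFromMergingPool(msg.sender,
                        modelURIs[claimIndex], modelTypes[claimIndex], customAttributes[claimIndex]);
                    claimIndex += 1;
                }
            }
        }
        if (claimIndex > 0) emit Claimed(msg.sender, claimIndex);
    }
}
```

A mint that hits the cap still reverts the call, but the revert now affects only the rounds in that call rather than every unclaimed round.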
#0 - c4-pre-sort
2024-02-22T09:23:28Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-02-22T09:23:35Z
raymondfam marked the issue as duplicate of #216
#2 - c4-judge
2024-03-11T12:49:32Z
HickupHH3 changed the severity to 2 (Med Risk)
#3 - c4-judge
2024-03-11T12:52:24Z
HickupHH3 marked the issue as satisfactory