The credit is accrued twice in award.
The first accrual happens implicitly when calling _mint through the ControlledToken(controlledToken).controllerMint call which then performs the PrizePool.beforeTokenTransfer hook which accrues credit.
Then the explicit accrual is done again. It should be enough to only add the extraCredit without doing another accrual (calling _updateCreditBalance(..., newBalance= _applyCreditLimit(controlledToken, controlledTokenBalance, uint256(creditBalance.balance).add(credit).add(extra))) instead).
Handle
cmichel
Vulnerability details
The credit is accrued twice in
award
. The first accrual happens implicitly when calling_mint
through theControlledToken(controlledToken).controllerMint
call which then performs thePrizePool.beforeTokenTransfer
hook which accrues credit. Then the explicit accrual is done again. It should be enough to only add theextraCredit
without doing another accrual (calling_updateCreditBalance(..., newBalance= _applyCreditLimit(controlledToken, controlledTokenBalance, uint256(creditBalance.balance).add(credit).add(extra)))
instead).