function reclaimIncentive can be invoked more than once for the same incentiveId. If there were multiple incentives for the same token it would allow to drain these tokens by repeatedly calling reclaimIncentive.
Recommended Mitigation Steps
Simple mitigation is to simply add the amount to the rewardsUnclaimed or add an extra boolean flag 'reclaimed' to the Incentive struct but that would incur more gas.
sarangparikh22
commented
3 years ago
Handle
pauliax
Vulnerability details
Impact
function reclaimIncentive can be invoked more than once for the same incentiveId. If there were multiple incentives for the same token it would allow to drain these tokens by repeatedly calling reclaimIncentive.
Recommended Mitigation Steps
Simple mitigation is to simply add the amount to the rewardsUnclaimed or add an extra boolean flag 'reclaimed' to the Incentive struct but that would incur more gas.