code-423n4 / 2021-12-pooltogether-findings


If a promoter cancels a promotion, unclaimed rewards of ticket holders are lost #125

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

hubble

Vulnerability details

Impact

Loss of rewards for the ticket holders who have not yet claimed the rewards accrued until the previous epochs, if the promoter cancels the promotion after any epoch.

Proof of Concept

contract : TwabRewards function : cancelPromotion

line 132 delete _promotions[_promotionId];

After this, once a user executes claimRewards, since the values of promotionId are deleted (zeroed), the calculation of rewards will result in zero

line 180 _rewardsAmount += _calculateRewardAmount(_user, _promotion, _epochId);

Tools Used

Manual review and unit test

Recommended Mitigation Steps

Do not delete the promotionId in line 132 of function cancelPromotion
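The effect reported above, as an added Python model that is not part of the original report and is not the TwabRewards code: deleting the stored record makes later claims read a zeroed struct, while keeping the record and capping its epoch count leaves completed epochs claimable. The class, field names, basis-point share and the capping approach are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Promotion:
    # Defaults are the zero values an EVM storage read returns after `delete`.
    tokens_per_epoch: int = 0
    number_of_epochs: int = 0

class RewardsModel:
    """Simplified model of a per-epoch rewards contract (not TwabRewards itself)."""

    def __init__(self, keep_record_on_cancel: bool):
        self.keep_record_on_cancel = keep_record_on_cancel
        self.promotions = {}       # promotion id -> Promotion
        self.claimed = set()       # (promotion id, user, epoch) already paid
        self.completed_epochs = 0  # constructed clock: epochs that have ended

    def _load(self, pid):
        # A Solidity mapping never fails on a missing key; it reads as all zeros.
        return self.promotions.get(pid, Promotion())

    def create(self, pid, tokens_per_epoch, number_of_epochs):
        self.promotions[pid] = Promotion(tokens_per_epoch, number_of_epochs)

    def cancel(self, pid):
        if self.keep_record_on_cancel:
            # Hardened (assumed approach): keep the record, stop accrual at
            # the epochs that have already completed.
            promo = self._load(pid)
            promo.number_of_epochs = min(promo.number_of_epochs, self.completed_epochs)
        else:
            # Reported behaviour: delete _promotions[_promotionId]
            self.promotions.pop(pid, None)

    def claim(self, pid, user, share_bps, epochs):
        promo, total = self._load(pid), 0
        for epoch in epochs:
            key = (pid, user, epoch)
            payable = epoch < min(promo.number_of_epochs, self.completed_epochs)
            if payable and key not in self.claimed:
                self.claimed.add(key)
                total += promo.tokens_per_epoch * share_bps // 10_000
        return total

def claim_after_cancel(keep_record_on_cancel):
    """Constructed scenario: 100 tokens/epoch, 10 epochs, cancelled after 3."""
    model = RewardsModel(keep_record_on_cancel)
    model.create(pid=1, tokens_per_epoch=100, number_of_epochs=10)
    model.completed_epochs = 3
    model.cancel(pid=1)
    return model.claim(pid=1, user="alice", share_bps=2_500, epochs=[0, 1, 2, 3])
```

A unit test of this shape, claiming after cancellation and asserting a non-zero payout for completed epochs, is the regression check that catches the deletion.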

PierrickGT commented 2 years ago

Duplicate of https://github.com/code-423n4/2021-12-pooltogether-findings/issues/23