Let's say there is a Ticket called A. Ticket A has many users and assume there are some whales and they control most of the supplies. In this case most users rewards can be less than gas cost to claim rewards. Therefore, users with rewards less than gas cost don't claim their awards. As a consequence, from small rewards the unclaimed rewards can accumulate to serious amounts over time. Therefore, the contract can accumulate stuck amounts over time.
Mitigation step
Rather than leaving unclaimed awards stuck. It would be better to make use of them.
Track how much of the rewards are claimed. Make the unclaimed awards available after a one year (or just a similar long time frame) claimable by the promotion creator or protocol creators or someone else.
PierrickGT
commented
2 years ago
Handle
0x0x0x
Vulnerability details
Let's say there is a
Ticketcalled A. Ticket A has many users and assume there are some whales and they control most of the supplies. In this case most users rewards can be less than gas cost to claim rewards. Therefore, users with rewards less than gas cost don't claim their awards. As a consequence, from small rewards the unclaimed rewards can accumulate to serious amounts over time. Therefore, the contract can accumulate stuck amounts over time.Mitigation step
Rather than leaving unclaimed awards stuck. It would be better to make use of them.
Track how much of the rewards are claimed. Make the unclaimed awards available after a one year (or just a similar long time frame) claimable by the promotion creator or protocol creators or someone else.