search

code-423n4 / 2023-07-pooltogether-findings

12 stars 7 forks source link

withdrawClaimRewards #174

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L483

Vulnerability details

Impact

In this function there is no need for address _to. In this case address _to must be msg.sender.

Proof of Concept

User can miserably set wrong address _to and loss his tokens. To prevent this we need to remove address _to from this function and instead of it write msg.sender like this` function withdrawClaimRewards(uint256 _amount) external { uint256 _available = claimerRewards[msg.sender];

if (_amount > _available) {
  revert InsufficientRewardsError(_amount, _available);
}

claimerRewards[msg.sender] -= _amount;
_transfer(msg.sender, _amount);
emit WithdrawClaimRewards(msg.sender, _amount, _available);

}

Except from loss of tokens this technique also allow to consume less gas.

Assessed type

Token-Transfer

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Insufficient quality