SEVERITY: Low
PATH: HATVaultsRegistry.sol:swapAndSend (L335-392)
REMEDIATION: see description
STATUS:
DESCRIPTION:
In HATVaultsRegistry.sol:swapAndSend, the parameter _beneficiaries is a list of addresses of users whose bounties still need to be swapped to HAT and paid out. However, the function first loops over all addresses and records each payout per index. The mapping that holds each user's reward is only updated after the payout. If the list contains a duplicate, that user receives their bounty multiple times.
We recommend checking the _beneficiaries parameter for duplicates. This can be done efficiently in the same loop that extracts the rewards, by requiring the addresses to be in strictly ascending order, which keeps the complexity at O(n), as follows:
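address _lastHacker = address(0);
for (uint256 i = 0; i < _beneficiaries.length;) {
    // Strictly ascending addresses rule out duplicates in a single pass
    require(_beneficiaries[i] > _lastHacker, "Duplicate or not sorted");
    _lastHacker = _beneficiaries[i];
    _swapData.hackerRewards[i] = hackersHatReward[_asset][_beneficiaries[i]];
    _swapData.amount += _swapData.hackerRewards[i];
    unchecked { ++i; }
}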
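The double payout and the effect of the ordering check, as a simplified Python model added here (not the contract's or the auditors' code). The addresses, reward amounts, the `enforce_sorted` switch and the helper names are constructed for illustration.

```python
# Simplified model of the read-then-clear payout pattern described in the finding.
# Addresses and amounts are constructed sample values.
ALICE, BOB = 0xA1, 0xB2

def fresh_rewards():
    return {ALICE: 100, BOB: 50}

def swap_and_send(rewards, beneficiaries, enforce_sorted):
    """Pay out pending rewards; returns the total paid. Mutates `rewards`."""
    last = 0  # plays the role of address(0)
    amounts = []
    # Phase 1: record each payout per index; the mapping is not updated yet,
    # so a repeated address reads the same non-zero reward again.
    for addr in beneficiaries:
        if enforce_sorted:
            if addr <= last:
                raise ValueError("Duplicate or not sorted")
            last = addr
        amounts.append(rewards.get(addr, 0))
    # Phase 2: pay, and only now clear the mapping entry.
    paid = 0
    for addr, amount in zip(beneficiaries, amounts):
        paid += amount
        rewards[addr] = 0
    return paid

def rejected(beneficiaries):
    """True if the ordering check refuses the list."""
    try:
        swap_and_send(fresh_rewards(), beneficiaries, enforce_sorted=True)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("owed:", sum(fresh_rewards().values()))
    print("paid without check:",
          swap_and_send(fresh_rewards(), [ALICE, BOB, ALICE], False))
    print("duplicate rejected:", rejected([ALICE, BOB, ALICE]))
    print("unsorted rejected:", rejected([BOB, ALICE]))
    print("paid with check:",
          swap_and_send(fresh_rewards(), sorted([BOB, ALICE]), True))
```

The check also refuses a duplicate-free list that is not sorted, so callers have to sort the addresses before submitting them.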