search

sherlock-audit / 2023-04-footium-judging

13 stars 7 forks source link

peanuts - After first claim, claimERC20Prize and claimETHPrize does not claim the full amount anymore #357

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

peanuts

medium

After first claim, claimERC20Prize and claimETHPrize does not claim the full amount anymore

Summary

Vulnerability Detail

In FootiumPrizeDistributor#claimERC20Prize, the totalERC20Claimed[_token][_to] mapping stores the total amount of erc20 claimed from the club owner. Let's say a club owner intends to claim 100 ERC20 tokens.

        uint256 value = _amount - totalERC20Claimed[_token][_to];

        if (value > 0) {
            totalERC20Claimed[_token][_to] += value;
            _token.transfer(_to, value);
        }

value = 100 tokens - 0 (no tokens claimed yet) = 100 Since value > 0, totalERC20Claimed[_token][_to] = 100

Later on, there's another 90 tokens of prize to be claimed. value = 90 - 100 (revert due to underflow)

The club owner must wait until >100 tokens can be claimed before calling claim.

Now, the club owner waits until the prize to be claimed is 110. value = 110 - 100 = 10 since value > 0, totalERC20Claimed[_token][_to] = 110

Club owner only claims 10 instead of 110 tokens. There is 100 tokens left to claim but the club owner cannot claim because 100 < totalERC20Claimed[_token][_to]

Impact

Club owner cannot claim the full amount.

Code Snippet

https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L106-L134

Tool used

Manual Review

Recommendation

Recommend changing the accounting prize to let club owner withdraw the full price amount.

Duplicate of #18