ch13fd357r0y3r - User cannot claim Prizes on their second claim in many instances.
ch13fd357r0y3r
High
Summary
The claimERC20Prize() and claimETHPrize() will revert in many instances if the claimer claims for second time and causes User cannot claim prize forever and Some in Instance user get will 0 amount or less amount of tokens or ETH than original prize value announced.
Vulnerability Detail
User cannot or can claim lower amount prize in following instance:
Instance 1: User A already claims 1000 worth of Usdc token and recorded as totalERC20Claimed[USDC][A] as 1000. User A won other game and this time he wons 500 worth of Usdc. But this If he tries to claim via claimERC20Prize() it will revert because of Overflow
uint256 value = _amount - totalERC20Claimed[_token][_to];
if (value > 0) {
totalERC20Claimed[_token][_to] += value;
_token.transfer(_to, value);
}
The call will be reverted because of Overflow as value is declared as 500 - 1000.
Instance 2: Call will be Successful But user will get 0 amount of token if User A wons 1000 amount of token in 1st game and
and same amount of prize is won on 2nd game he will receive 0 amount by value = 1000 - 1000 = 0 instead of 1000 tokens or ETH
Instance 3: Call will be Successful If user wons more than the 1st game. Example user A wons 1000 in 1st game and 2000 in 2nd game it follows as value = 2000 - 1000 = 1000 only 1000 amount of tokens can be claimed instead of 2000 token or ETH.
The above Instance also suits to claimETHPrize() function as it also follows:
uint256 value = _amount - totalETHClaimed[_to];
if (value > 0) {
totalETHClaimed[_to] += value;
(bool sent, ) = _to.call{value: value}("");
if (!sent) {
revert FailedToSendETH(value);
}
}
Impact
User Claim Prize Nothing or lesser than the Original Prize amount that has been announced If Second time Claim for the user.
ch13fd357r0y3r
high
ch13fd357r0y3r - User cannot claim Prizes on their second claim in many instances.
ch13fd357r0y3r
High
Summary
The
claimERC20Prize()andclaimETHPrize()will revert in many instances if the claimer claims for second time and causes User cannot claim prize forever and Some in Instance user get will 0 amount or less amount of tokens or ETH than original prize value announced.Vulnerability Detail
User cannot or can claim lower amount prize in following instance:
The call will be reverted because of Overflow as value is declared as 500 - 1000.
Instance 2: Call will be Successful But user will get 0 amount of token if User A wons 1000 amount of token in 1st game and and same amount of prize is won on 2nd game he will receive 0 amount by
value = 1000 - 1000 = 0instead of 1000 tokens or ETHInstance 3: Call will be Successful If user wons more than the 1st game. Example user A wons 1000 in 1st game and 2000 in 2nd game it follows as
value = 2000 - 1000 = 1000only 1000 amount of tokens can be claimed instead of 2000 token or ETH.The above Instance also suits to
claimETHPrize()function as it also follows:Impact
User Claim Prize Nothing or lesser than the Original Prize amount that has been announced If Second time Claim for the user.
Code Snippet
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L106
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L126
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L144
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L163
Tool used
Manual Review
Recommendation
Add
bytes32 _prooffor mappings such astotalERC20ClaimedandtotalETHClaimed. The proof differs each time and it may protect against this bug.Duplicate of #18