feelesslyRedeemedPTokens mapping is not properly updated in redeemRewards function on PointTokenVault
Summary
feelesslyRedeemedPTokens mapping is not properly updated in redeemRewards function on PointTokenVault.sol contract when feelesslyRedeemed != claimed.
Vulnerability Detail
Instead of adding to the overall feelesslyRedeemedPTokens[msg.sender][pointsId], the code just equals the claimed value to the mapping which causes incorrect amount of feelesslyRedeemedPTokens to be stored on the mapping.
Impact
Bug causes incorrect claim amounts to be open to manipulation by user. This can benefit him during multiple claiming events.
matejdb
Medium
feelesslyRedeemedPTokens mapping is not properly updated in redeemRewards function on PointTokenVault
Summary
feelesslyRedeemedPTokensmapping is not properly updated inredeemRewardsfunction onPointTokenVault.solcontract whenfeelesslyRedeemed != claimed.Vulnerability Detail
Instead of adding to the overall
feelesslyRedeemedPTokens[msg.sender][pointsId], the code just equals theclaimedvalue to the mapping which causes incorrect amount offeelesslyRedeemedPTokensto be stored on the mapping.Impact
Bug causes incorrect claim amounts to be open to manipulation by user. This can benefit him during multiple claiming events.
Code Snippet
https://github.com/sherlock-audit/2024-07-sense-points-marketplace/blob/main/point-tokenization-vault/contracts/PointTokenVault.sol#L219C1-L219C74
Tool used
Manual Review
Recommendation
Rewrite the line as following: