Tame Menthol Condor
Medium
The claimReward() function is responsible for transferring rewards to a specified address. It checks if the caller has a reward, it clears the reward from storage, and performs the transfer.
However it is missing "whenNotPaused" and "onlyChallenger" modifier
The function here:
function claimReward(address receiver) external {
uint256 amount = batchChallengeReward[_msgSender()];
require(amount != 0, "invalid batchChallengeReward");
delete batchChallengeReward[_msgSender()];
_transfer(receiver, amount);
}The function is used by challengers to claim their rewards. However,
Missing onlyChallenger Modifier: • Issue: The function does not enforce that only authorized challengers can call it. • Impact: Without this modifier, people who are not challengers can call this function. This may lead to future abuse or consequences . So only challengers should be able to call this function
Missing whenNotPaused Modifier: • Issue: The function lacks a mechanism to prevent execution during periods when the contract is paused. • Impact: In case of an emergency or maintenance, the contract owner should be able to pause certain functions to prevent operations. Without this modifier, claimReward can be executed even if the contract is paused, which could be risky in situations where a pause is warranted. As you know this function triggers _transfer function. that _transfer function gives external call. So its very important to net getting executed when contract is paused.
No response
No response
No response
No response
function claimReward(address receiver) external {
uint256 amount = batchChallengeReward[_msgSender()];
require(amount != 0, "invalid batchChallengeReward");
delete batchChallengeReward[_msgSender()];
_transfer(receiver, amount);
}No response