#41707 [SC-Insight] Code differs from documentation in `Reward::getClaimableAmount` function
Was this helpful?
Was this helpful?
Submitted on Mar 17th 2025 at 17:32:38 UTC by @Oxl33 for
Report ID: #41707
Report Type: Smart Contract
Report severity: Insight
Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/Reward.sol
Impacts:
Description:
Statement from documentation:
- There is a cap each day on what percentage of the daily emissions that an individual address can receive, set at 30%
- Surplus token are burned
Source: https://docs.yeetit.xyz/yeet/yeet-game/mechanics
Now take a look at the code:
As you can see, claimable
is set to maxClaimable
, but the surplus tokens are not burned and they remain in the contract.
Recommended Mitigation:
Consider actually burning the surplus tokens or remove the Surplus token are burned
statement from documentation, to avoid misleading users.
Proof of Concept:
Surplus tokens are not burned, but documentation states that they are.
Source: https://github.com/immunefi-team/audit-comp-yeet/blob/da15231cdefd8f385fcdb85c27258b5f0d0cc270/src/Reward.sol#L190