

Archon public report
RewardsDistributor
Mantle Mainnet · scan depth quick · generated 6/12/2026, 2:08:12 AM
Risk Score
90
Archon completed a read-only Mantle Mainnet audit of RewardsDistributor and found 20 deterministic findings. The highest-priority issue is Msg Value Loop, with risk score 90/100 based on severity-weighted findings. The advanceEpoch function distributes rewards based on the msg.value, which can lead to unexpected behavior if the function is called multiple times in a single transaction. Review the recommended fixes and run regression tests before deployment.
Findings
| Severity | Finding | Location | Confidence |
|---|---|---|---|
| high | Msg Value Loop The advanceEpoch function distributes rewards based on the msg.value, which can lead to unexpected behavior if the function is called multiple times in a single transaction. | RewardsDistributor.sol:37 | 70% |
| high | Reentrancy Eth The claim function allows users to claim their rewards but is vulnerable to reentrancy attacks due to the order of operations. | RewardsDistributor.sol:47 | 80% |
| low | Missing Zero Check The rescue function does not check if the amount is zero before attempting to transfer Ether. | RewardsDistributor.sol:56 | 60% |
| low | Reentrancy Events The claim function emits an event after transferring Ether, which can lead to misleading information in event logs. | RewardsDistributor.sol:47 | 50% |
| info | Low Level Calls The rescue function uses a low-level call to transfer Ether, which can be risky if not handled properly. | RewardsDistributor.sol:56 | 60% |
| info | Low Level Calls The use of low-level calls can lead to unexpected behavior if the recipient is a contract that does not handle the call properly. | RewardsDistributor.sol:47 | 70% |
| low | Cache Array Length The loop iterates over the length of the stakers array multiple times, which can be optimized by caching the length. | RewardsDistributor.sol:39 | 80% |
| low | Immutable States The owner and epoch variables are declared as public but can be optimized for gas usage. | RewardsDistributor.sol:7 | 60% |
| medium | Pack small storage variables into fewer slots The storage variables can be packed to save space and reduce gas costs. | RewardsDistributor.sol:7 | 65% |
| low | Review calldata parameter width The rescue function uses a low-level call which may lead to unexpected behavior. | RewardsDistributor.sol:56 | 70% |
| info | Replace long revert string with custom error The revert string in the claim function can be replaced with a custom error for gas optimization. | RewardsDistributor.sol:49 | 80% |
| info | Mark never-changing value constant or immutable The owner variable can be marked as immutable or constant to optimize storage. | RewardsDistributor.sol:7 | 70% |
| info | Cache repeated storage read Repeated storage reads in the stake function can be cached to optimize gas usage. | RewardsDistributor.sol:30 | 75% |
| info | Cache repeated storage read The claim function reads the rewards mapping multiple times, which can be optimized. | RewardsDistributor.sol:48 | 70% |
| info | Use unchecked loop increment where bounded The for loop in advanceEpoch can use unchecked increments to save gas. | RewardsDistributor.sol:39 | 65% |
| info | Cache array length before loop Cache the length of the stakers array before the loop to optimize gas usage. | RewardsDistributor.sol:39 | 80% |
| info | Use != 0 for unsigned non-zero checks Use '!= 0' for checking non-zero values instead of '> 0'. | RewardsDistributor.sol:29 | 70% |
| info | Use != 0 for unsigned non-zero checks Use '!= 0' for checking non-zero values in the advanceEpoch function. | RewardsDistributor.sol:38 | 70% |
| info | Use != 0 for unsigned non-zero checks Use '!= 0' for checking non-zero values in the claim function. | RewardsDistributor.sol:49 | 70% |
| info | Remove redundant zero initialization Remove redundant zero initialization in the advanceEpoch function. | RewardsDistributor.sol:39 | 60% |

