ArchonArchon
Public verified reportRun your own audit

Archon public report

RewardsDistributor

Mantle Mainnet · scan depth quick · generated 6/12/2026, 2:08:12 AM

Risk Score

90

Archon completed a read-only Mantle Mainnet audit of RewardsDistributor and found 20 deterministic findings. The highest-priority issue is Msg Value Loop, with risk score 90/100 based on severity-weighted findings. The advanceEpoch function distributes rewards based on the msg.value, which can lead to unexpected behavior if the function is called multiple times in a single transaction. Review the recommended fixes and run regression tests before deployment.

Findings

low: 5high: 2info: 12medium: 1critical: 0
SeverityFindingLocationConfidence
high

Msg Value Loop

The advanceEpoch function distributes rewards based on the msg.value, which can lead to unexpected behavior if the function is called multiple times in a single transaction.

RewardsDistributor.sol:3770%
high

Reentrancy Eth

The claim function allows users to claim their rewards but is vulnerable to reentrancy attacks due to the order of operations.

RewardsDistributor.sol:4780%
low

Missing Zero Check

The rescue function does not check if the amount is zero before attempting to transfer Ether.

RewardsDistributor.sol:5660%
low

Reentrancy Events

The claim function emits an event after transferring Ether, which can lead to misleading information in event logs.

RewardsDistributor.sol:4750%
info

Low Level Calls

The rescue function uses a low-level call to transfer Ether, which can be risky if not handled properly.

RewardsDistributor.sol:5660%
info

Low Level Calls

The use of low-level calls can lead to unexpected behavior if the recipient is a contract that does not handle the call properly.

RewardsDistributor.sol:4770%
low

Cache Array Length

The loop iterates over the length of the stakers array multiple times, which can be optimized by caching the length.

RewardsDistributor.sol:3980%
low

Immutable States

The owner and epoch variables are declared as public but can be optimized for gas usage.

RewardsDistributor.sol:760%
medium

Pack small storage variables into fewer slots

The storage variables can be packed to save space and reduce gas costs.

RewardsDistributor.sol:765%
low

Review calldata parameter width

The rescue function uses a low-level call which may lead to unexpected behavior.

RewardsDistributor.sol:5670%
info

Replace long revert string with custom error

The revert string in the claim function can be replaced with a custom error for gas optimization.

RewardsDistributor.sol:4980%
info

Mark never-changing value constant or immutable

The owner variable can be marked as immutable or constant to optimize storage.

RewardsDistributor.sol:770%
info

Cache repeated storage read

Repeated storage reads in the stake function can be cached to optimize gas usage.

RewardsDistributor.sol:3075%
info

Cache repeated storage read

The claim function reads the rewards mapping multiple times, which can be optimized.

RewardsDistributor.sol:4870%
info

Use unchecked loop increment where bounded

The for loop in advanceEpoch can use unchecked increments to save gas.

RewardsDistributor.sol:3965%
info

Cache array length before loop

Cache the length of the stakers array before the loop to optimize gas usage.

RewardsDistributor.sol:3980%
info

Use != 0 for unsigned non-zero checks

Use '!= 0' for checking non-zero values instead of '> 0'.

RewardsDistributor.sol:2970%
info

Use != 0 for unsigned non-zero checks

Use '!= 0' for checking non-zero values in the advanceEpoch function.

RewardsDistributor.sol:3870%
info

Use != 0 for unsigned non-zero checks

Use '!= 0' for checking non-zero values in the claim function.

RewardsDistributor.sol:4970%
info

Remove redundant zero initialization

Remove redundant zero initialization in the advanceEpoch function.

RewardsDistributor.sol:3960%