The initialize function does not call __ReentrancyGuard_init(), leaving the reentrancy protection uninitialized. This could allow reentrancy attacks in functions using the nonReentrant modifier.
Add __ReentrancyGuard_init(); in the initialize function to properly initialize the reentrancy guard.
Line 111 – 119
The processExpiredQuestion function is public and lacks access control, allowing anyone to trigger it for expired questions. This could disrupt the intended workflow and lead to premature state changes.
Add the onlyServer modifier to processExpiredQuestion to restrict access.
Line 279 – 282
The submitQuestion function does not validate if the _answererId is registered. If the answerer never registers, rewards remain stuck in answererEarnings or pendingRewards, leading to lost funds.
Add checks to ensure _answererId is registered or enforce registration before question submission.
Line 176 – 185
If users send more ETH than required in viewQuestion, the excess is not refunded, leading to overpayment and incorrect reward calculations.
Calculate the exact required amount and refund any excess ETH sent by the user.
Line 314 – 318
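A sketch of the refund recommended for viewQuestion, added here as an illustration and not taken from the audited contract. The Question struct, viewPrice, addQuestion, the event and the custom errors are assumptions; only viewQuestion and answererEarnings are names from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited code. Hypothetical names are marked.
contract ViewFeeRefundExample {
    struct Question {
        uint256 viewPrice; // exact fee in wei for one view (assumed field)
        address answerer;  // account credited with the fee (assumed field)
        bool exists;
    }

    mapping(uint256 => Question) public questions;
    mapping(address => uint256) public answererEarnings;

    event QuestionViewed(uint256 indexed id, address indexed viewer, uint256 paid, uint256 refunded);

    error UnknownQuestion(uint256 id);
    error InsufficientPayment(uint256 required, uint256 sent);
    error RefundFailed();

    // Constructed setup helper so the example can be exercised in a test environment.
    function addQuestion(uint256 id, uint256 viewPrice) external {
        questions[id] = Question({viewPrice: viewPrice, answerer: msg.sender, exists: true});
    }

    function viewQuestion(uint256 id) external payable {
        Question storage q = questions[id];
        if (!q.exists) revert UnknownQuestion(id);

        uint256 required = q.viewPrice;
        if (msg.value < required) revert InsufficientPayment(required, msg.value);

        // Effects first: credit the exact fee, never msg.value, so reward
        // accounting cannot be inflated by an overpayment.
        answererEarnings[q.answerer] += required;
        uint256 excess = msg.value - required;
        emit QuestionViewed(id, msg.sender, required, excess);

        // Interaction last: return the overpayment to the caller. State is
        // already final here; the real function should also keep nonReentrant.
        if (excess > 0) {
            (bool ok, ) = payable(msg.sender).call{value: excess}("");
            if (!ok) revert RefundFailed();
        }
    }
}
```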