The updateContribution function checks for uniqueness of contributorId but does not check if the contributor's address already exists in the current cycle. This allows the same address to be added multiple times with different contributor IDs. The getContribution function returns the first occurrence of the address, leading to under-reporting of the contributor's total score if multiple entries exist. This breaks data integrity and can result in incorrect reward distributions or tracking.
Add a check in updateContribution to ensure the contributor's address does not already exist in the current cycle's contributors array. Alternatively, allow updates to existing entries instead of creating new ones.
Line 191 – 205
The startNewCycle function does not ensure that a new cycle's start time is strictly after the previous cycle's. If called in the same block, multiple cycles will share the same start time. The findCycleByTimestamp function returns the latest cycle for that timestamp, potentially causing incorrect cycle selection in time-based queries.
Add a check requiring block.timestamp > lastCycle.startTime before creating a new cycle. This enforces sequential start times and prevents overlapping cycles.
Line 167 – 177
