[HIGH] Reward claim accepts any score ≥ 1, ignores passing threshold

[DeFiVC]

Description

In src/modules/rewards/reward.service.ts:114, claimReward checks !submission.score || submission.score < 1, meaning any submission with 1+ correct answer qualifies. The quiz passing logic (70% threshold) is applied in src/modules/quizzes/quiz.service.ts:160, but claimReward never checks passed status.

A client can call POST /api/rewards/claim with a submissionId for a failed quiz (e.g., score=1 on a 3-question quiz).

Impact

Users can claim rewards for quizzes they didn't pass.

File

src/modules/rewards/reward.service.ts:114

Suggested Fix

Add a check that submission.score meets the passing threshold (70%) before allowing reward claim, or verify submission.passed is true.

[Clement-coder]

Hello, I'm a Full Stack Blockchain, Mobile, and Software Engineer with experience building scalable applications, smart contracts, APIs, and modern user-focused products.

I've reviewed this issue and understand the requirements and expected outcome. My background allows me to quickly analyze problems, implement efficient solutions, and maintain high code quality throughout development. I'm confident in my ability to deliver a clean, well-tested, and maintainable solution, and I'd be excited to contribute to this project.

[Menjay7]

Hi! I came across this issue and would love to work on it. I have experience with similar tasks and I'm confident I can investigate, implement a clean solution, and thoroughly test it before submitting a PR. If the issue is still open, I would appreciate it if you could assign it to me. Thank you!

[9904099]

Opened PR #44 for this: #44

Scope:

• reward claims now use the same 70% pass threshold as quiz submission
• failed submissions such as 1/3 or 2/3 are rejected before proof creation or Stellar invocation
• retry processing also skips non-passing submissions instead of trusting the raw retry score
• added focused Vitest coverage plus updated the existing concurrent reward-claim fixture

Validation run locally:

npm test -- tests/unit/services/reward-passing-threshold.test.ts tests/unit/services/concurrent-safety.test.ts
npm run typecheck
npm run build
npm run lint
git diff --check

npm run lint exits successfully with existing unrelated warnings only. Public contact for reward/payment coordination: 50889616@qq.com

[GBOYEE]

/claim #29

[gloskull]

Hello, I have 4 years of experience delivering solutions for projects like this, covering backend, frontend, and smart contract development. After carefully reviewing your requirements, I have a clear understanding of the task and am confident in my ability to deliver a clean, efficient, and thoroughly tested solution on time. I prioritize code quality, maintainability, and industry best practices throughout the development process.
My PR will be submitted in under 10hours.