possible bug in Boardroom allowing doubleClaim of rewards

[brian0641]

There appears to be a bug in Boardroom.sol that allows a user to double-claim a snapshot reward if stake() or claimDividends() is called in a tx that is the same block as a new boardSnapshot but after the tx with the boardSnapshot.

In particular, claimDividends() includes:

 uint256 totalRewards = getCashEarningsOf(msg.sender);
 directors[msg.sender].appointmentTime = now;

If called in the same tx as as the boardSnapshot, getCashEarnings will include the rewards from the snapshot. AppointmentTime will be set to now. When called again in a subsequent block, having an appointmentTime that equals the time of the snapshot results in rewards being claimed for that snapshot.

Possible solution: setting the appointmentTime to the lastBoardSnapshotTime() + 1. claimDividend() calls that are in the same block but after the snapshot will not be double-claimable. claimDividend() calls that are in the same block but before the snapshot will still be claimable in a later block.

Implementation of this solution : link

[Deleted user]

#16 resolves this issue. Thanks for your contribution!