Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Some ERC20 tokens would revert on zero value transfers.

castleChain

Summary

some ERC20 tokens revert on transfer 0 value and this will lead to DoS and prevent the winners from claiming their rewards

Vulnerability Details

some weird ERC20 revert on transfer of 0 value (e.g. LEND) ,can be found here
in the function _distribute() the any percentages of the winners can be 0 value , and there is no check for the amount that will be sent to the winner , so the amount here can be zero which will lead to revert and the winners will not get their rewards

uint256 winnersLength = winners.length; // cache length
for (uint256 i; i < winnersLength;) {
uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;
erc20.safeTransfer(winners[i], amount);
unchecked {
++i;
}

Impact

the reversion of the function will lead to loss of funds for the winners which will not get their rewards .

Tools Used

manual review

Recommendations

make sure that the amount that will be sent is greater than zero and the percentage of the winner is greater than zero

uint256 winnersLength = winners.length; // cache length
for (uint256 i; i < winnersLength;) {
--> if (percentage[i] > 0 ) {
uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;
--> if (amount > 0 ) {
erc20.safeTransfer(winners[i], amount);
unchecked {
++i;
}
}
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.