Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Contracts are vulnerable to fee-on-transfer accounting-related issues

oualidpro

Summary

Contracts are vulnerable to fee-on-transfer accounting-related issues

Vulnerability Details

The functions below transfer funds from the caller to the receiver via transferFrom(), but do not ensure that the actual number of tokens received is the same as the input amount to the transfer. If the token is a fee-on-transfer token, the balance after the transfer will be smaller than expected, leading to accounting issues. Even if there are checks later, related to a secondary transfer, an attacker may be able to use latent funds (e.g. mistakenly sent by another user) in order to get a free credit.

File: src/Distributor.sol

147: erc20.safeTransfer(winners[i], amount);

164: token.safeTransfer(STADIUM_ADDRESS, token.balanceOf(address(this)));

Impact

Accounting issues

Tools Used

Manual

Recommendations

One way to solve this problem is to measure the balance before and after the transfer, and use the difference as the amount, rather than the stated amount.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.