Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

Incorrect Commission Fee Handling

Summary

The _commissionTransfer function transfers tokens to the designated STADIUM_ADDRESS as part of the commission fee distribution process. The problem is that the function relies solely on the balance reported by the token contract, without any validation of that value.
This can lead to financial losses, and the protocol's reputation could be tarnished.

Vulnerability Details

Here is the vulnerable part of the code:

    // Sends the whole reported balance of `token` to STADIUM_ADDRESS.
    // The amount comes straight from token.balanceOf(), which the token contract controls.
    function _commissionTransfer(IERC20 token) internal {
        token.safeTransfer(STADIUM_ADDRESS, token.balanceOf(address(this)));
    }

Exploit Path:

  • An attacker initiates the token distribution process by calling the _distribute function.

  • Since the _distribute function internally calls _commissionTransfer, the attacker crafts a malicious token contract with a manipulated balanceOf function.

  • The attacker ensures that their crafted token's balanceOf function reports a different balance than the actual balance held by the Distributor contract.

  • The malicious token contract is whitelisted in the factory contract, passing the _isWhiteListed check.

  • The attacker then initiates a distribution using their malicious token, causing the _commissionTransfer function to transfer an incorrect amount of tokens to the STADIUM_ADDRESS.

Impact

The attacker's manipulation of the token's reported balance could lead to the distribution of an incorrect commission fee. This manipulation could result in a financial loss for the protocol since the attacker would receive more tokens than intended, affecting the rewards and funds available for distribution to legitimate winners.

Tools Used

Manual review

Recommendations

Add checks to the _commissionTransfer function to prevent any manipulation of the reported balance of whitelisted tokens.
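One way to implement that recommendation, as an added example that is not the Sparkn project's own code: derive the commission from an amount the contract tracked itself rather than from token.balanceOf(), and verify that the recipient's balance grew by exactly that amount. The contract name, the COMMISSION_FEE value and the totalAmount parameter are assumptions. A token that lies consistently in both balanceOf reads still passes this check, so the whitelist remains the real trust boundary; the check catches non-standard tokens (fee-on-transfer, inconsistent reporting) and stops the commission from depending on a single reported value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical hardened commission transfer (example, not the audited contract).
contract CommissionTransferHardened {
    using SafeERC20 for IERC20;

    address public immutable STADIUM_ADDRESS;
    // Assumed fee configuration: 5% expressed in basis points.
    uint256 public constant COMMISSION_FEE = 500;
    uint256 public constant BASIS_POINTS = 10_000;

    error CommissionMismatch(uint256 expected, uint256 received);

    constructor(address stadium) {
        STADIUM_ADDRESS = stadium;
    }

    /// @param token       whitelisted reward token
    /// @param totalAmount amount the Distributor accounted for at distribution
    ///                    time (assumed parameter), not a value read back from the token
    function _commissionTransfer(IERC20 token, uint256 totalAmount) internal {
        uint256 commission = (totalAmount * COMMISSION_FEE) / BASIS_POINTS;

        // Measure the recipient's balance before and after, so the transfer is
        // checked against the amount we intended, not whatever the token reports
        // for this contract.
        uint256 before = token.balanceOf(STADIUM_ADDRESS);
        token.safeTransfer(STADIUM_ADDRESS, commission);
        uint256 received = token.balanceOf(STADIUM_ADDRESS) - before;

        if (received != commission) {
            revert CommissionMismatch(commission, received);
        }
    }
}
```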
