Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

Missing function to check if a `token` is `whitelisted` causes loss of funds

Summary

The protocol lacks a public function that any organizer or sponsor can call to confirm that the token intended for distribution is whitelisted.

Vulnerability Details

As time passes, the number of available tokens worldwide will continue to increase. It is therefore vital for an organizer or sponsor to be able to check whether a token intended for distribution is whitelisted, so that funds are not lost forever in the proxy contracts.
This is a simple but very important function that will prevent huge losses in the future.
After `getProxyAddress()` is called, the check function will also be called before the transfer is made.

Impact

This will prevent tokens from being lost through ignorance.

Tools Used

Manual Review

Recommendations

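A public function to check whether a desired token is whitelisted should be added to `ProxyFactory.sol`:

```solidity
// Assumes whitelistedTokens is a mapping(address => bool) in ProxyFactory.sol.
function Checktoken(address token) public view returns (bool) {
    // True only if the token has been whitelisted for distribution.
    return whitelistedTokens[token];
}
```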
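The pre-transfer check described under Vulnerability Details, written as a funding helper that a sponsor approves instead of transferring to the proxy address directly. This is an added example, not code from Sparkn or from the submission: the `GuardedFunding` contract, both interfaces and the `getProxyAddress` parameters are assumptions, and `Checktoken` is the function recommended above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Assumed view of the factory: Checktoken is the function this submission
// recommends; the getProxyAddress parameters are assumed for illustration.
interface IProxyFactoryView {
    function Checktoken(address token) external view returns (bool);
    function getProxyAddress(bytes32 salt, address implementation) external view returns (address);
}

// Used only for the transferFrom selector.
interface IERC20Minimal {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical helper: funds a contest proxy only with a whitelisted token.
contract GuardedFunding {
    error TokenNotWhitelisted(address token);
    error ProxyAddressZero();
    error TransferFailed();

    IProxyFactoryView public immutable factory;

    constructor(IProxyFactoryView factory_) {
        factory = factory_;
    }

    function fund(bytes32 salt, address implementation, address token, uint256 amount) external {
        // 1. Refuse any token the factory has not whitelisted.
        if (!factory.Checktoken(token)) revert TokenNotWhitelisted(token);

        // 2. Resolve the address the contest proxy will be deployed to.
        address proxy = factory.getProxyAddress(salt, implementation);
        if (proxy == address(0)) revert ProxyAddressZero();

        // 3. Pull the approved funds from the caller into the proxy address.
        //    A low-level call tolerates tokens that return no value.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transferFrom.selector, msg.sender, proxy, amount)
        );
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) revert TransferFailed();
    }
}
```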
