Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Small rewards may truncate to zero

jaraxxus

Summary

If the percentage of rewards is too low, it may truncate to zero, and the winner will not gain anything

Vulnerability Details

In the distribution function, the winner will receive a reward that is proportionate to the total amount

for (uint256 i; i < winnersLength;) {

uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;

erc20.safeTransfer(winners[i], amount);

If the totalAmount is exceptionally low and the percentage is low, then the amount will truncate to zero. Currently, this is highly unlikely because the totalAmount for a contest will not be $0.01. However, the risk of truncation still remains, especially if the protocol adds in more token that has low decimals with high value, like wbtc. Setting as low.

Impact

Truncation to zero may be possible

Tools Used

ReMix

Recommendations

Make sure the totalAmount has at least a 1e4 minimum cap, and make sure the protocol does not send 0 values.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.