Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low

Contracts do not work with fee-on-transfer tokens

Summary

I put this in Low because some tokens do not currently charge a fee but may do so in the future (e.g. USDT, USDC).

Vulnerability Details

During the distribution of rewards to contest winners, the _distribute function transfers tokens to recipient addresses. However, certain ERC20 tokens might incur a fee upon transfers. While the contract does not currently account for this, it's essential to consider the possibility that some tokens could introduce fees in the future.

https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/Distributor.sol#L147

erc20.safeTransfer(winners[i], amount);

Impact

The contract's reliance on the safeTransfer function for distributing rewards can potentially result in reverted transfers when interacting with certain tokens that impose fees. This can lead to unexpected transaction failures and hinder the intended distribution process.

Tools Used

Manual Review

Recommendations

It's recommended to consider potential token transfer fees while distributing rewards. An effective approach could involve incorporating a mechanism to handle potential fee rejections, allowing the contract to handle these scenarios gracefully without disrupting the overall distribution process.
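
One way to detect a fee at the transfer site quoted above, as an added example that is not part of this submission or of the Sparkn code base: measure the balances on both sides of the transfer and report any difference instead of assuming `amount` arrived. The library name `MeasuredTransfer`, the function `measuredTransfer` and the event `TransferShortfall` are hypothetical; the sketch assumes OpenZeppelin's `IERC20` and `SafeERC20`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical helper (not Sparkn code): transfers `amount` and measures what
/// actually moved by comparing balances before and after the call.
library MeasuredTransfer {
    using SafeERC20 for IERC20;

    /// Emitted when the token debited or credited something other than `requested`.
    event TransferShortfall(
        address indexed token,
        address indexed to,
        uint256 requested,
        uint256 debited,
        uint256 credited
    );

    function measuredTransfer(IERC20 token, address to, uint256 amount)
        internal
        returns (uint256 credited)
    {
        // In an internal library call, address(this) is the calling contract.
        uint256 senderBefore = token.balanceOf(address(this));
        uint256 recipientBefore = token.balanceOf(to);

        token.safeTransfer(to, amount);

        // Checked arithmetic (0.8+) reverts if either balance moved the wrong
        // way, which a plain fee never causes but a rebasing token could.
        uint256 debited = senderBefore - token.balanceOf(address(this));
        credited = token.balanceOf(to) - recipientBefore;

        // A fee taken from the recipient shows up as credited < amount;
        // a fee charged on top of the sender shows up as debited > amount.
        if (debited != amount || credited != amount) {
            emit TransferShortfall(address(token), to, amount, debited, credited);
        }
    }
}
```

In a distribution loop this call would stand in for `erc20.safeTransfer(winners[i], amount)`, and the returned value is what the winner actually received.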
