Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

There are tokens that may revert when zero value transfers are made

Summary

Prevent zero-value transfers to eliminate one of the reasons that could make _distribute fail and waste a significant amount of gas (the transfers happen in a loop).

Vulnerability Details

Given that the plan is to deploy the protocol on any EVM-compatible chain, there is an easy check that could be implemented to avoid an edge-case revert in the _distribute function's transfer loop. Although EIP-20 specifies that zero-value transfers must be accepted, certain tokens like BNB (!!!) may revert when such transfers are attempted. This behavior could cause the entire transaction to revert, and depending on how large the winners array is, this could be gas intensive. To mitigate this, consider skipping the transfer for zero amounts.

BNB transfer function:

/* Send coins */
function transfer(address _to, uint256 _value) {
    if (_to == 0x0) throw; // Prevent transfer to 0x0 address. Use burn() instead
    if (_value <= 0) throw;
    if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough
    if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows
    balanceOf[msg.sender] = SafeMath.safeSub(balanceOf[msg.sender], _value); // Subtract from the sender
    balanceOf[_to] = SafeMath.safeAdd(balanceOf[_to], _value); // Add the same to the recipient
    Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place
}
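
The failure mode described above, as an added example (not code from the submission or from the Sparkn code base): a constructed mock token that rejects zero-value transfers like the BNB function, and a hypothetical harness comparing an unguarded payout loop with one that skips zero shares. `ZeroRevertToken`, `DistributeHarness`, the function names and `BASIS_POINTS = 10_000` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Constructed mock: rejects zero-value transfers like the BNB function above.
contract ZeroRevertToken {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function transfer(address to, uint256 value) external returns (bool) {
        require(value > 0, "zero-value transfer");
        balanceOf[msg.sender] -= value; // checked math reverts on underflow
        balanceOf[to] += value;
        return true;
    }
}

// Hypothetical harness, not the audited contract.
contract DistributeHarness {
    uint256 private constant BASIS_POINTS = 10_000; // assumed value
    ZeroRevertToken public immutable token;
    constructor() {
        token = new ZeroRevertToken(1_000_000); // harness holds the supply
    }

    // Unguarded: a share with totalAmount * percentage < BASIS_POINTS
    // truncates to 0, and that single transfer reverts the whole batch.
    function distributeUnguarded(
        address[] calldata winners, uint256[] calldata percentages, uint256 totalAmount
    ) external {
        for (uint256 i; i < winners.length; ++i) {
            token.transfer(winners[i], totalAmount * percentages[i] / BASIS_POINTS);
        }
    }

    // Guarded: zero shares are counted and skipped; the increment lives in
    // the for header, so `continue` still advances i.
    function distributeGuarded(
        address[] calldata winners, uint256[] calldata percentages, uint256 totalAmount
    ) external returns (uint256 skipped) {
        for (uint256 i; i < winners.length; ++i) {
            uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;
            if (amount == 0) { ++skipped; continue; }
            token.transfer(winners[i], amount);
        }
    }
}
```

With the constructed input totalAmount = 50 and percentages = [9_900, 100], the shares are 49 and 0: the unguarded call reverts and pays nobody, while the guarded call pays the first winner and reports one skipped share.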

Impact

Wasted gas

Tools Used

Manual review

Recommendations

uint256 winnersLength = winners.length; // cache length
for (uint256 i; i < winnersLength;) {
uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;
++ if (amount == 0) continue;
erc20.safeTransfer(winners[i], amount);
unchecked {
++i;
}
}
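
Review bot: the added `if (amount == 0) continue;` sits above the `unchecked { ++i; }` increment at the bottom of the loop body, so when an amount is zero the loop jumps back to the condition without advancing `i` and re-evaluates the same index until the transaction runs out of gas, which is a worse outcome than the revert the check is meant to avoid. Guard the transfer instead, for example `if (amount != 0) erc20.safeTransfer(winners[i], amount);`, or increment `i` before the `continue`, so that the increment runs on every iteration.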
