Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium
Valid

Winners' addresses can be blacklisted

Summary

A winner's address selected by the organizer may be blacklisted by the token. If it is, the system will fail to distribute the reward.

Vulnerability Details

When the organizer selects a winner's address for reward distribution, there is a risk that the chosen address is blacklisted by the token. A frozen or blacklisted address cannot receive tokens from or transact with the token contract, so the attempt to distribute the reward would fail, potentially leading to a distribution breakdown.

Impact

If a winner's account is blacklisted and that winner is a major contributor to the idea, they will incur a huge loss of funds.

Tools Used

Manual review

Recommendations

If the protocol decides the winner off-chain, make sure the winner's address is not blacklisted. If it is, transfer another token of equal value to the winner and get the original token back using the distributeByOwner function.
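
The failure mode and the off-chain pre-check recommended above, as an added example that is not code from the Sparkn contracts or from this submission. It is a constructed Python model and assumes a push-style payout loop that sends to every winner in one transaction; BlacklistToken, distribute, preflight and all addresses are hypothetical names.

```python
# Constructed model, not the Sparkn contracts: a USDC-style token whose
# transfer reverts for blacklisted parties, and a push-style payout loop.
class Revert(Exception):
    pass

class BlacklistToken:
    def __init__(self, balances, blacklist):
        self.balances = dict(balances)
        self.blacklist = set(blacklist)

    def is_blacklisted(self, addr):
        return addr in self.blacklist

    def transfer(self, sender, to, amount):
        if self.is_blacklisted(sender) or self.is_blacklisted(to):
            raise Revert(f"blacklisted: {to}")
        if self.balances.get(sender, 0) < amount:
            raise Revert("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

def distribute(token, pool, winners, shares_bps):
    """Push rewards to every winner in one transaction (all-or-nothing)."""
    snapshot = dict(token.balances)   # a reverted transaction undoes every write
    total = token.balances[pool]
    try:
        for winner, bps in zip(winners, shares_bps):
            token.transfer(pool, winner, total * bps // 10_000)
    except Revert:
        token.balances = snapshot
        raise

def preflight(token, winners):
    """Off-chain check before submitting: split winners into payable and blocked."""
    blocked = [w for w in winners if token.is_blacklisted(w)]
    payable = [w for w in winners if w not in blocked]
    return payable, blocked

def run_demo():
    # Constructed sample data: three winners, one of them blacklisted.
    token = BlacklistToken({"pool": 15_000}, blacklist={"0xCarol"})
    winners, shares = ["0xAlice", "0xBob", "0xCarol"], [5_000, 3_000, 2_000]
    try:
        distribute(token, "pool", winners, shares)
        reverted = False
    except Revert:
        reverted = True
    return reverted, token.balances.get("0xAlice", 0), preflight(token, winners)
```

In this model a single blacklisted recipient makes the whole payout revert, so the non-blacklisted winners receive nothing either until the blocked address is handled separately.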
