Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

No checks on prize amount allows malicious/compromised organizer to steal from supporters

madalad

Summary

ProxyFactory#_distribute performs a low level call to the proxy address specified as a parameter, and is missing a contract existence check. If an erroneous address is passed, as could be the case when the owner calls distributeByOwner, the call will succeed even though the tokens were not distributed.

Vulnerability Details

_distribute is called by each entry point in the ProxyFactory contract, and the internal function lacks a contract existence check on the proxy address argument:

File: src\ProxyFactory.sol
250: function _distribute(address proxy, bytes calldata data) internal {
251: (bool success,) = proxy.call(data); // @audit no check for contract existence at proxy address
252: if (!success) revert ProxyFactory__DelegateCallFailed();
253: emit Distributed(proxy, data);
254: }

Impact

Call will succeed and events will be logged incorrectly, potentially deceiving users/devs into thinking tokens were distributed.

Tools Used

Manual review

Recommendations

Implement a contract existence check in _distribute:

function _distribute(address proxy, bytes calldata data) internal {
+ require(proxy.code.length > 0, "invalid proxy argument");
(bool success,) = proxy.call(data);
if (!success) revert ProxyFactory__DelegateCallFailed();
emit Distributed(proxy, data);
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!