Sparkn

Summary

If fee-on-transfer tokens (such as USDT and USDC can activate fees) are used as token, funds will get stuck at contract.

Vulnerability Details

Protocol planning to use USDT, and USDC as shown by natspec:

@notice General ERC20 stable coin tokens, e.g. JPYC, USDC, USDT, DAI, etc, are suppsoed to be used in SPARKN.

These tokens can activate fees, and transfers inside Distributor.sol does not account for that as shown below:

Which means in the best case scenario there won't be enough fee left in the contract to transfer STADIUM_ADDRESS, and in the worst case scenario, (which is very likely) during for loop contracts balance will reach 0 because of token's fee payment and the next transfer won't occur, hence it will revert.

Because of requirement:

totalPercentage has to be exactly 9500 (%95), if fee percentage by token is more than %5, funds will stuck on contract. If less than that amount, then STADIUM_ADDRESS will receive less fees than expected by protocol.

Impact

Funds can stuck in contract without a way to withdraw it. Hence I consider this as high severity.

Tools Used

Manual Review

Recommendations

Although normally it is not best practice, since owner is trusted and protocol is right now semi-centralized, doing following can prevent this issue to happen:

• Create totalPercentage mapping for every token address.

• Make these variables changeable by owner.

• In case of USDT and USDC changed their fee variable, change their totalPercentage accordingly. ( For example if USDT decided to take %10 fee, than make it's totalPercentage 8500 instead of 9500 because %10 of the amount will go to the token transfer fees. )