Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low

Passing the same address can make the funds stuck forever

Summary

In the constructor of Distributor.sol, the same address can be passed for both factory and stadium, which could make the funds stuck.
The same is possible in the ProxyFactory.sol contract.

Vulnerability Details

The constructor of Distributor.sol does not check whether factoryAddress and stadiumAddress are the same.

    constructor(
        // uint256 version, // for future use
        address factoryAddress,
        address stadiumAddress
    )
    /* solhint-enable */
    {
        if (factoryAddress == address(0) || stadiumAddress == address(0)) revert Distributor__NoZeroAddress();
        FACTORY_ADDRESS = factoryAddress; // initialize with deployed factory address beforehand
        STADIUM_ADDRESS = stadiumAddress; // official address to receive commission fee
    }

So if tokens are sent to the factory, there is no way to get them back, because ProxyFactory.sol itself has no fund-transfer function. It may be intended that factoryAddress can equal stadiumAddress, but that still does not resolve the issue, because the missing transfer function remains.

This is not the only place where this is a problem. The same check is also missing in the setContest function of ProxyFactory, so the owner might mistakenly set the same address as both organizer and implementation. Funds transferred to the resulting proxy address would be stuck as well, since no implementation contract is available at that address, as it is equal to the organizer.

    function setContest(address organizer, bytes32 contestId, uint256 closeTime, address implementation)
        public
        onlyOwner
    {
        if (organizer == address(0) || implementation == address(0)) revert ProxyFactory__NoZeroAddress();
        if (closeTime > block.timestamp + MAX_CONTEST_PERIOD || closeTime < block.timestamp) {
            revert ProxyFactory__CloseTimeNotInRange();
        }
        bytes32 salt = _calculateSalt(organizer, contestId, implementation);
        if (saltToCloseTime[salt] != 0) revert ProxyFactory__ContestIsAlreadyRegistered();
        saltToCloseTime[salt] = closeTime;
        emit SetContest(organizer, contestId, closeTime, implementation);
    }

Impact

Funds sent as funds, fees, commission or shares will be stuck forever.

Tools Used

Manual Review

Recommendations

  • Add a check that factoryAddress is not equal to stadiumAddress or, if equal addresses are intended, add a fund-transfer function to ProxyFactory.sol itself.

  • Add the same inequality check in the ProxyFactory contract.
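
The two recommended inequality checks, written out as an added sketch that is not the Sparkn project's code. The contract names, the errors marked hypothetical, the MAX_CONTEST_PERIOD value, the owner check and the salt computation are assumptions; the code-length check goes one step beyond the recommendation to cover the "no implementation contract at that address" case described above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not the Sparkn source. Errors marked "hypothetical" are assumed names.
contract DistributorChecked {
    error Distributor__NoZeroAddress();
    error Distributor__SameAddress(); // hypothetical

    address private immutable FACTORY_ADDRESS;
    address private immutable STADIUM_ADDRESS;

    constructor(address factoryAddress, address stadiumAddress) {
        if (factoryAddress == address(0) || stadiumAddress == address(0)) revert Distributor__NoZeroAddress();
        // Added check: the commission recipient must differ from the factory.
        if (factoryAddress == stadiumAddress) revert Distributor__SameAddress();
        FACTORY_ADDRESS = factoryAddress;
        STADIUM_ADDRESS = stadiumAddress;
    }
}

contract ProxyFactoryChecked {
    error ProxyFactory__NoZeroAddress();
    error ProxyFactory__CloseTimeNotInRange();
    error ProxyFactory__ContestIsAlreadyRegistered();
    error ProxyFactory__NotOwner(); // hypothetical, stands in for onlyOwner
    error ProxyFactory__SameAddress(); // hypothetical
    error ProxyFactory__NotAContract(); // hypothetical

    event SetContest(address organizer, bytes32 contestId, uint256 closeTime, address implementation);

    uint256 public constant MAX_CONTEST_PERIOD = 7 days; // placeholder value, not taken from the page
    address public immutable owner = msg.sender;
    mapping(bytes32 => uint256) public saltToCloseTime;

    function setContest(address organizer, bytes32 contestId, uint256 closeTime, address implementation) public {
        if (msg.sender != owner) revert ProxyFactory__NotOwner();
        if (organizer == address(0) || implementation == address(0)) revert ProxyFactory__NoZeroAddress();
        // Added checks: organizer and implementation must differ, and the implementation must hold code.
        if (organizer == implementation) revert ProxyFactory__SameAddress();
        if (implementation.code.length == 0) revert ProxyFactory__NotAContract();
        if (closeTime > block.timestamp + MAX_CONTEST_PERIOD || closeTime < block.timestamp) {
            revert ProxyFactory__CloseTimeNotInRange();
        }
        // Stand-in for the project's _calculateSalt, whose body is not shown on the page.
        bytes32 salt = keccak256(abi.encode(organizer, contestId, implementation));
        if (saltToCloseTime[salt] != 0) revert ProxyFactory__ContestIsAlreadyRegistered();
        saltToCloseTime[salt] = closeTime;
        emit SetContest(organizer, contestId, closeTime, implementation);
    }
}
```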
