Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium

Revoke incoming sponsors funds after distributing rewards

tripathi

Summary

Funds sent by sponsor after distributing rewards should be revoked. As currently owner can recover funds but a fixed COMMISSION_FEE [10% as of now] will go to STADIUM_ADDRESS.

Vulnerability Details

Sponsor will loose 10% funds if he sent funds after distributing reward.

FLOW

Sponsor want to give rewards to winners but deadline has been passed and mistakenly he send tokens to proxyContract.
In this case only admin(Sparkn) can recover funds but some portion(COMMISSION_FEE) will be sent to STADIUM_ADDRESS and
sponsor will get only 90% of his funds

File: src/ProxyContract.sol
function distributeByOwner(
address proxy,
address organizer,
bytes32 contestId,
address implementation,
bytes calldata data
) public onlyOwner {
if (proxy == address(0)) revert ProxyFactory__ProxyAddressCannotBeZero();
bytes32 salt = _calculateSalt(organizer, contestId, implementation);
if (saltToCloseTime[salt] == 0) revert ProxyFactory__ContestIsNotRegistered();
// distribute only when it exists and expired
if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ProxyFactory__ContestIsNotExpired();
_distribute(proxy, data);
}

Admin will recover funds by this method but only 90%[since commision_fee is 10% currently]

Impact

sponsor will loose money

Tools Used

Manual

Recommendations

Revoke incoming funds after certain period[ best will be as contest ends]

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!