Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Zero value transfer could always revert in `distribute`

Summary

The `_distribute` function does not check whether a transfer amount is zero before transferring tokens. Some tokens, such as LEND, revert when asked to transfer a zero-value amount, so if the token being distributed does not support zero transfers, a zero amount reverts the contract's execution.

Vulnerability Details

In the _distribute function, the amount to be transferred to each winner is calculated using the formula:

uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;

Solidity integer division truncates, so the amount can round down to zero. If the token being transferred does not support zero transfers, the contract will revert when executing the following line:

erc20.safeTransfer(winners[i], amount);

This could also happen here:

token.safeTransfer(STADIUM_ADDRESS, token.balanceOf(address(this)));

Impact

If a token that does not support zero transfers is used with this contract, and due to rounding issues a zero transfer is attempted, the entire _distribute function will revert. This could prevent the distribution of rewards to winners and the transfer of commission fees.

Tools Used

Manual review.

Recommendations

Before executing the safeTransfer function, check if the amount is zero. If it is, skip the transfer for that particular winner.
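
One way to apply the recommendation to both transfer sites named above, as an added example that is not the audited Sparkn code. The contract name, the custom errors, the constructor and the value 10,000 for BASIS_POINTS are assumptions; validation of the percentages themselves is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative contract (hypothetical name), not the project's own code.
contract ZeroSafeDistributor {
    using SafeERC20 for IERC20;

    uint256 private constant BASIS_POINTS = 10_000; // assumed: 100% in basis points
    address private immutable STADIUM_ADDRESS;      // commission recipient, as named in the report

    error ZeroAddress();
    error LengthMismatch();
    error NothingToDistribute();

    constructor(address stadium) {
        if (stadium == address(0)) revert ZeroAddress();
        STADIUM_ADDRESS = stadium;
    }

    /// Pays each winner its share and sends the remainder as commission,
    /// skipping any transfer whose amount is zero.
    function _distribute(IERC20 erc20, address[] memory winners, uint256[] memory percentages) internal {
        if (winners.length != percentages.length) revert LengthMismatch();
        uint256 totalAmount = erc20.balanceOf(address(this));
        if (totalAmount == 0) revert NothingToDistribute();

        for (uint256 i; i < winners.length; ++i) {
            // Integer division truncates: amount is 0 whenever
            // totalAmount * percentages[i] < BASIS_POINTS.
            uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;
            if (amount == 0) continue; // tokens such as LEND revert on zero-value transfers
            erc20.safeTransfer(winners[i], amount);
        }

        // Commission: the balance is zero when the winners' shares consumed everything.
        uint256 remainder = erc20.balanceOf(address(this));
        if (remainder != 0) erc20.safeTransfer(STADIUM_ADDRESS, remainder);
    }
}
```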
