Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: high

`fallback()` function in `Proxy.sol` should be `payable`

Summary

Tokens meant to be distributed to the Supporters (winners of SparkN contests) are sent to the proxy address after its creation, but the proxy is missing the `payable` modifier and as such cannot handle the tokens sent.

Vulnerability Details

```solidity
fallback() external {
```

The fallback function lacks the `payable` modifier, yet it is supposed to handle native assets.

```solidity
// * In case somebody may send token to this contract by mistake, we added a function
// * in Distributor contract to distribute the token after the contest is over.
```

This is a comment in the proxy contract, which states that it should be able to receive funds, even those sent by mistake. It is not equipped to receive funds at all, due to the lack of the `payable` modifier.

Impact

High, as all transactions that use native assets will revert.

Tools Used

Manual Review

Recommendations

Add the `payable` modifier to the `fallback()` function as follows:

```solidity
fallback() external payable {
```
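A Foundry regression test for the behaviour described above, added here as an illustration and not taken from the SparkN repository. The contract names `NonPayableFallback`, `PayableFallback` and `FallbackPayableTest` are hypothetical stand-ins, and the test assumes `forge-std` is installed in the project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-ins for illustration; not the SparkN Proxy.sol source.
contract NonPayableFallback {
    // Without `payable`, the compiler inserts a check that reverts when msg.value > 0.
    fallback() external {}
}

contract PayableFallback {
    // solc warns about a payable fallback without receive(); it is only a warning.
    fallback() external payable {}
}

contract FallbackPayableTest is Test {
    function setUp() public {
        // Constructed starting balance for the test contract itself.
        vm.deal(address(this), 2 ether);
    }

    function test_nonPayableFallbackRejectsNativeAsset() public {
        NonPayableFallback proxy = new NonPayableFallback();
        (bool ok, ) = address(proxy).call{value: 1 ether}("");
        assertFalse(ok, "non-payable fallback must revert on value");
        assertEq(address(proxy).balance, 0);
        // The reverted call moves no value, so the sender keeps its balance.
        assertEq(address(this).balance, 2 ether);
    }

    function test_nonPayableFallbackAcceptsZeroValueCall() public {
        NonPayableFallback proxy = new NonPayableFallback();
        // Same fallback, no value attached: the call goes through.
        (bool ok, ) = address(proxy).call(hex"12345678");
        assertTrue(ok, "zero-value call should reach the fallback");
    }

    function test_payableFallbackAcceptsNativeAsset() public {
        PayableFallback proxy = new PayableFallback();
        (bool ok, ) = address(proxy).call{value: 1 ether}("");
        assertTrue(ok, "payable fallback must accept value");
        assertEq(address(proxy).balance, 1 ether);
        assertEq(address(this).balance, 1 ether);
    }
}
```

Run it with `forge test --match-contract FallbackPayableTest`; the first test documents the failure mode and the third guards the fix.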
