Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Blacklisted USDC address will DoS the loop when sending awards

Summary

A blacklisted USDC address can DoS the transfer of tokens for other users.

Vulnerability Details

USDC addresses can be blacklisted, which means that these addresses cannot send or receive USDC. If a contest winner gives the organizer a blacklisted USDC address, then when awards are being sent the for loop will be DoSed while attempting to send USDC to that address, because the transfer to the blacklisted address reverts and takes the whole transaction with it. A malicious user who does not own a blacklisted address himself can also give the organizer an address he knows is blacklisted.

Impact

The transfer of awards will be DoSed and the funds will be stuck.

Tools Used

Manual review

Recommendations

Implement logic, or include a simulation function that simulates the transfer, to ensure there are no blacklisted addresses in winners[].
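
One way to apply this recommendation, as an added sketch that is not Sparkn's code: a view the organizer can call before distributing, plus a loop that holds a blacklisted winner's share instead of reverting the batch. The contract, function and variable names are hypothetical; isBlacklisted(address) is assumed to be the view exposed by Circle's USDC token, and holding the share goes one step beyond the recommendation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; contract, function and variable names are hypothetical.
// isBlacklisted(address) is the view exposed by Circle's USDC (FiatToken).
interface IBlacklistableToken {
    function transfer(address to, uint256 amount) external returns (bool);
    function isBlacklisted(address account) external view returns (bool);
}

contract RewardDistributorSketch {
    IBlacklistableToken public immutable token;
    address public immutable organizer;
    // Rewards kept back because the push transfer would have reverted.
    mapping(address => uint256) public held;

    event RewardHeld(address indexed winner, uint256 amount);

    constructor(IBlacklistableToken token_) {
        token = token_;
        organizer = msg.sender;
    }

    // Pre-flight check: mask[i] is true when winners[i] would revert a transfer.
    // Called off-chain (eth_call) before the winners list is submitted.
    function blacklistedMask(address[] calldata winners)
        external view returns (bool[] memory mask)
    {
        mask = new bool[](winners.length);
        for (uint256 i = 0; i < winners.length; ++i) {
            mask[i] = token.isBlacklisted(winners[i]);
        }
    }

    // Push distribution that cannot be blocked by one blacklisted entry:
    // the blacklisted winner's share is recorded and the loop continues.
    function distribute(address[] calldata winners, uint256[] calldata amounts) external {
        require(msg.sender == organizer, "not organizer");
        require(winners.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < winners.length; ++i) {
            if (token.isBlacklisted(winners[i])) {
                held[winners[i]] += amounts[i];
                emit RewardHeld(winners[i], amounts[i]);
                continue;
            }
            require(token.transfer(winners[i], amounts[i]), "transfer failed");
        }
    }
}
```

How held amounts are later resolved is a policy decision for the protocol and is left out of the sketch.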
