Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

Submission Details

Severity: medium

Valid

Factory address can claim all prize or take a major share of the prize

Factory address can claim all prize or take a major share of the prize

Msg.sender can set himself as the main/only winner of the contest and can take major share of the rewards.

An attacker may steal whole or major part of the funds by adding his address in the winner list.

Manual code review
Manual code analysis

CEI should be placed in order of preventing factory address to be in the list of winners.

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.