Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

The token stuck can be transferred to an alternate account rather than the predefined STADIUM_ADDRESS

Summary

As referenced in the preceding documentation, this function serves to recover funds in the event they become inaccessible post-deployment and after the contest has concluded. Initially, these funds are directed towards the STADIUM_ADDRESS, but they can be rerouted if necessary.

Vulnerability Details

In the event that a user inadvertently transfers funds to the proxy contract post-contest and after prize distribution, the protocol's logic is designed to redirect these funds to the STADIUM_ADDRESS.

This is facilitated by the distributeByOwner function, which in turn calls the distribute function. However, that function accepts caller-specified winners and percentage allocations. Consequently, a single winner with 95% could be passed in, and 95% of the trapped tokens would be redirected to a wallet other than the STADIUM_ADDRESS.

Impact

The stuck tokens can be sent to a wallet other than the STADIUM_ADDRESS.

Tools Used

Manual code review

Recommendations

This function should be used only for rescuing stuck funds; I recommend implementing a separate function dedicated to that purpose. If you still want to keep the current design, guarantee that all of the funds are sent to STADIUM_ADDRESS.
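The following is an added illustration of the recommendation above, not code from the Sparkn contracts. Contract name, the `IERC20` subset, `BASIS_POINTS`, and the function bodies are assumptions; only `distributeByOwner`, `distribute`-style winner/percentage inputs, and `STADIUM_ADDRESS` come from the finding. It shows the rescue path that reuses winner/percentage inputs (the pattern this finding describes) next to a dedicated rescue function whose only possible recipient is the immutable `STADIUM_ADDRESS`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical example contract; NOT the Sparkn Distributor/ProxyFactory code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract RescuePathExample {
    address public immutable owner;
    address public immutable STADIUM_ADDRESS; // fixed at deployment (assumption)
    uint256 public constant BASIS_POINTS = 10_000; // assumption: 9_500 == 95%

    event Distributed(address indexed token, address indexed to, uint256 amount);
    event Rescued(address indexed token, uint256 amount);

    error NotOwner();
    error LengthMismatch();
    error BadPercentages();
    error TransferFailed();

    constructor(address stadium) {
        owner = msg.sender;
        STADIUM_ADDRESS = stadium;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Pattern the finding describes: the owner-only "rescue" reuses the
    // generic distribute logic, so `winners` and `percentages` are chosen by
    // the caller and the stuck balance can land anywhere, e.g. 95% to one
    // arbitrary wallet and only the remainder to STADIUM_ADDRESS.
    function distributeByOwner(
        address token,
        address[] calldata winners,
        uint256[] calldata percentages
    ) external onlyOwner {
        if (winners.length != percentages.length) revert LengthMismatch();
        uint256 total;
        for (uint256 i; i < percentages.length; ++i) total += percentages[i];
        if (total > BASIS_POINTS) revert BadPercentages();

        uint256 balance = IERC20(token).balanceOf(address(this));
        for (uint256 i; i < winners.length; ++i) {
            uint256 amount = (balance * percentages[i]) / BASIS_POINTS;
            if (!IERC20(token).transfer(winners[i], amount)) revert TransferFailed();
            emit Distributed(token, winners[i], amount);
        }
        // Only what is left after the caller-chosen split reaches the stadium.
        uint256 rest = IERC20(token).balanceOf(address(this));
        if (rest > 0) {
            if (!IERC20(token).transfer(STADIUM_ADDRESS, rest)) revert TransferFailed();
            emit Distributed(token, STADIUM_ADDRESS, rest);
        }
    }

    // Recommended shape: a dedicated rescue that takes no recipient and no
    // percentages at all. The full stuck balance can only go to the immutable
    // STADIUM_ADDRESS, so there is no input the owner could use to reroute it.
    function rescueToStadium(address token) external onlyOwner {
        uint256 balance = IERC20(token).balanceOf(address(this));
        if (balance == 0) return;
        if (!IERC20(token).transfer(STADIUM_ADDRESS, balance)) revert TransferFailed();
        emit Rescued(token, balance);
    }
}
```

The design point is that the rescue function's signature removes the choice of destination entirely rather than validating it: with `rescueToStadium(address token)` there is no winners array or percentage to audit, and a reviewer only needs to confirm that `STADIUM_ADDRESS` is immutable and set correctly at deployment.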
