Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

No check if deployment was successful and returned non-zero address

Obin

Summary

Smart contract may not function as expected as deployment may fail silently.

Vulnerability Details

The function _deployProxy() can fail silently returning a zero address which in turn affects the expected implementation in function _distribute(). these two internal functions are called in multiple other functions like deployProxyAndDistribute(), deployProxyAndDistributeBySignature(), deployProxyAndDistributeByOwner(), and distributeByOwner().

Impact

If deployment fails silently, awards distribution in _distribute() process won't implement as expected.

Tools Used

Manual review

Recommendations

function _deployProxy(address organizer, bytes32 contestId, address implementation) internal returns (address) {

bytes32 salt = _calculateSalt(organizer, contestId, implementation);

address proxy = address(new Proxy{salt: salt}(implementation));

require(proxy != address(0), "failed deployment"); // added Check!!!!

return proxy;

}

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.