Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: low
Valid

No check for duplicate winners

Summary

The _distribute function in the Distributor contract lacks a check for duplicate winners in the provided winners array. This absence of validation can lead to participants receiving tokens multiple times, resulting in an unfair distribution and potential loss of trust in the distribution process.

Vulnerability Details

The vulnerability arises due to the missing duplicate address check in the _distribute function. If the winners array contains duplicate addresses, those addresses may receive tokens multiple times, leading to unequal distribution and a negative impact on user trust.

Impact

Unfair Distribution: Duplicate addresses can cause some participants to receive more tokens than others, leading to an unfair distribution of rewards.

Trust Erosion: Participants receiving excessive tokens due to duplicates might lose trust in the distribution process and project, affecting their perception of the system's integrity.

Tools Used

Manual Audit

Recommendations

Duplicate Address Check: Implement a check in the _distribute function to ensure that each address in the winners array appears only once.
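
One way to implement the recommended check, shown as an added example that is not the Sparkn Distributor source. The library, error names, and the simplified one-argument _distribute caller are hypothetical; the first variant assumes the winners array can be sorted by address before the call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not the Sparkn Distributor source.
// WinnerChecks and its error names are hypothetical.
library WinnerChecks {
    error DuplicateWinner(address winner);
    error WinnersNotStrictlyAscending(uint256 index);

    // O(n) check: require the caller to pass winners sorted by address in
    // strictly ascending order. Strict ordering implies uniqueness, so any
    // repeated (or out-of-order) entry reverts before tokens move.
    function requireStrictlyAscending(address[] memory winners) internal pure {
        for (uint256 i = 1; i < winners.length; ++i) {
            if (uint160(winners[i - 1]) >= uint160(winners[i])) {
                revert WinnersNotStrictlyAscending(i);
            }
        }
    }

    // O(n^2) check for input that cannot be pre-sorted. Memory-only, no
    // storage writes, but gas grows quadratically with the array length.
    function requireNoDuplicates(address[] memory winners) internal pure {
        uint256 n = winners.length;
        for (uint256 i = 0; i < n; ++i) {
            for (uint256 j = i + 1; j < n; ++j) {
                if (winners[i] == winners[j]) revert DuplicateWinner(winners[i]);
            }
        }
    }
}

// Hypothetical caller showing where the check belongs: before any transfer.
// The real function's parameters are not reproduced here.
contract ExampleDistributor {
    function _distribute(address[] memory winners) internal pure {
        WinnerChecks.requireStrictlyAscending(winners);
        // ... transfer logic would follow here ...
    }
}
```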
