[M] No checks in place to ensure that the token being transfered is paused
Summary
There are some tokens that can be paused by the owner.
If a whitelisted token gets paused during the execution of the _distribute function,
there will be issues with the distribution logic.
The _distribute function starts by checking if the provided token address is whitelisted using
the _isWhiteListed function.
Vulnerability Details
Assuming the token is whitelisted and valid for distribution,
the function proceeds to calculate the distribution amounts and initiate the transfers.
During the execution of the _distribute function, the token's admin decides to pause the token contract
due to security concerns or regulatory requirements.
If the _distribute function had already performed some transfers before the token was paused,
those transfers could succeed and tokens could be sent to the winners' addresses.
Impact
However, when the token contract is paused, any further transfers of that token are blocked.
This could lead to some of the distribution transfers failing and others succeeding,
resulting in an inconsistent and incomplete distribution of prizes.
Tools Used
Manual Review
Recommendations
Its important to check the status of the token contract before calling the safeTransfer function.
For example, checking if its paused beforehand.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.