Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

No events emitted for transferring comission to the STADIUM ADDRESS

sm4rty

Summary

The _commissionTransfer function in the contract does not emit any event.

Vulnerability Details

In the Distributor contract, the _distribute function transfers funds to the winners and commissions to the STADIUM_ADDRESS via the _commissionTransfer function. Although the main distribution event (Distributed) is emitted, it only includes information about the winners, token, percentages, and data. However, it does not include the details of the commission transferred to the STADIUM_ADDRESS.

function _commissionTransfer(IERC20 token) internal {
token.safeTransfer(STADIUM_ADDRESS, token.balanceOf(address(this)));
}

Impact

The lack of emission of critical parameters in the event could affect users with the front-end, as not all data will be shown regarding commission. Additionally, external observers or off-chain systems may not have access to critical information about the commission transferred.

Tools Used

Manual Analysis

Recommendations

The _commissionTransfer function should be modified to emit an event that includes the amount of commission that was transferred.

event CommissionTransferred(address indexed token, address indexed receiver, uint256 amount);
function _commissionTransfer(IERC20 token) internal {
uint256 commissionAmount = token.balanceOf(address(this));
token.safeTransfer(STADIUM_ADDRESS, commissionAmount);
emit CommissionTransferred(address(token), STADIUM_ADDRESS, commissionAmount);
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.