Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

Zero COMMISSION_FEE Causes Fund Lock in _distribute Function

Summary

Some tokens revert when asked to transfer a value of 0. If the dev ever decides to deploy the contract with COMMISSION_FEE set to 0 (the comment right after the variable definition says the value can change), the _distribute function will revert and lock funds.

Vulnerability Details

Some very important tokens revert when asked to transfer the value 0. If the _distribute function is called while COMMISSION_FEE is 0, it calls _commissionTransfer() nevertheless, which reverts the whole call and locks the funds.

Impact

If the dev ever decides not to charge a fee, the contract is not prepared to handle the 0 value: it will revert for certain important tokens and lock all the funds. The developer even left a note saying this can be changed in the future, but does not account for the 0 value.

uint256 private constant COMMISSION_FEE = 500; // this can be changed in the future

Tools Used

Manual

Recommendations

Add an if statement to make sure COMMISSION_FEE is not 0; if it is 0, do not call _commissionTransfer(erc20).
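A sketch of the recommended guard, added here as an illustration and not taken from the audited contract. ZeroRevertToken, GuardedDistributor, feeRecipient and BASIS_POINTS are hypothetical names, and the sketch assumes the commission is whatever balance remains after the winners are paid.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
// Constructed mock: a token that reverts on zero-value transfers.
contract ZeroRevertToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(amount > 0, "zero-value transfer");
        balanceOf[msg.sender] -= amount; // checked arithmetic reverts on underflow
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical, simplified distributor (assumption: the commission is whatever
// balance remains after the winners are paid). Not the audited contract's code.
contract GuardedDistributor {
    uint256 private constant BASIS_POINTS = 10_000;
    uint256 private constant COMMISSION_FEE = 0; // the zero-fee case from the finding
    address private immutable feeRecipient;

    constructor(address feeRecipient_) {
        feeRecipient = feeRecipient_;
    }

    function distribute(ZeroRevertToken token, address[] calldata winners, uint256[] calldata percentages) external {
        require(winners.length == percentages.length, "length mismatch");
        uint256 total = token.balanceOf(address(this));
        uint256 sum;
        for (uint256 i; i < winners.length; ++i) {
            sum += percentages[i];
            uint256 amount = (total * percentages[i]) / BASIS_POINTS;
            if (amount > 0) token.transfer(winners[i], amount);
        }
        require(sum == BASIS_POINTS - COMMISSION_FEE, "percentages must exclude the fee");
        // Recommended guard: with a zero fee there is no commission to send,
        // so the zero-value transfer that would revert is never attempted.
        if (COMMISSION_FEE != 0) _commissionTransfer(token);
    }

    function _commissionTransfer(ZeroRevertToken token) internal {
        token.transfer(feeRecipient, token.balanceOf(address(this)));
    }
}
```

Removing the `if (COMMISSION_FEE != 0)` check makes `distribute` revert against this mock whenever the winners' shares consume the full balance, which is the fund-lock condition the finding describes.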

Note to Judge

Firstly I thought of this issue as a Low, since the COMMISSION_FEE is a hardcoded constant, but then if ever the organizer of the contest decides that only the process and the end goals are important and the commission is not the point at all, then this would lock all the funds forever, so I bumped it to Medium.
