Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Lack of token balance check on transfer of token amounts, which can lead to an inconsistent distribution and failed token transfers

Summary

In the _distribute function, the code transfers token amounts to winners based on their percentages. However, there is no validation to ensure that the contract has a sufficient balance of the token to cover the total amount being distributed.

Vulnerability Details

    uint256 totalAmount = erc20.balanceOf(address(this));
    // ...
    for (uint256 i; i < winnersLength;) {
        uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;
        erc20.safeTransfer(winners[i], amount);
        unchecked {
            ++i;
        }
    }

Impact

If the contract's balance of the token is insufficient to cover the total amount being distributed, the token transfer will fail. This can lead to an inconsistent distribution process and disrupt the intended flow of the contract.

Tools Used

Manual

Recommendations

Before entering the distribution loop, add a check that the contract's balance of the token is greater than or equal to the total amount about to be distributed. This prevents failed token transfers caused by an insufficient balance and makes the distribution process reliable.

    uint256 totalAmount = erc20.balanceOf(address(this));

    // First pass: total the amounts the transfer loop will attempt to send.
    uint256 totalDistributionAmount = 0;
    for (uint256 i; i < winnersLength; i++) {
        totalDistributionAmount += totalAmount * percentages[i] / BASIS_POINTS;
    }
    require(totalDistributionAmount <= totalAmount, "Insufficient token balance for distribution");

    // Second pass: transfer, using the same per-winner formula as the first pass.
    for (uint256 i = 0; i < winnersLength; i++) {
        uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;
        erc20.safeTransfer(winners[i], amount);
    }

Explanation:

  1. Calculate the total amount that will be distributed (totalDistributionAmount) by summing the amounts for each winner.

  2. Check that totalDistributionAmount is less than or equal to the totalAmount of the token held by the contract.

  3. If the balance check passes, proceed with the token transfers as originally intended.

Adding this balance check before distributing tokens ensures that the contract can cover the distribution and prevents failed transfers due to insufficient balances.
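To see the guard behave on concrete inputs, here is an added Python model of the recommended two-pass _distribute; it is not Sparkn's code, and the distribute function, the InsufficientBalance error and the sample balances and percentages are constructed for this example. It also shows the rounding dust that floor division leaves in the contract.

```python
# Added example (not the Sparkn code): a plain-Python model of the recommended
# two-pass _distribute, used to exercise the balance guard on constructed inputs.
BASIS_POINTS = 10_000  # same denominator the contract uses for percentages


class InsufficientBalance(Exception):
    """Models the require(...) revert in the recommended Solidity."""


def distribute(balance: int, percentages: list[int]) -> tuple[list[int], int]:
    """Mirror the recommended code: compute every winner's amount with the same
    floor division Solidity performs, require the sum fits in the balance, then
    "transfer". Returns (amounts sent in order, balance left in the contract)."""
    total_amount = balance  # erc20.balanceOf(address(this))

    # Pass 1: total the amounts the transfer loop would attempt to send.
    total_distribution = sum(total_amount * p // BASIS_POINTS for p in percentages)
    if total_distribution > total_amount:
        raise InsufficientBalance(f"need {total_distribution}, have {total_amount}")

    # Pass 2: the transfers, each amount recomputed exactly as in pass 1.
    sent: list[int] = []
    remaining = total_amount
    for p in percentages:
        amount = total_amount * p // BASIS_POINTS
        if amount > remaining:  # cannot happen once pass 1 has passed
            raise InsufficientBalance(f"transfer of {amount} exceeds {remaining}")
        remaining -= amount
        sent.append(amount)
    return sent, remaining


if __name__ == "__main__":
    # Constructed inputs: an odd balance so floor division leaves dust behind.
    print(distribute(1_000_001, [5000, 3000, 2000]))
    try:
        distribute(1_000_001, [6000, 6000])  # percentages sum past 100%
    except InsufficientBalance as err:
        print("guard tripped:", err)
```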
