Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Recovered tokens are also subject to commission payments

Summary

The contract has a special function to recover tokens stuck in the proxy contract. That function routes the recovered funds through the normal distribution path, so the 0.5% commission is still deducted from them.

Vulnerability Details

Impact

Recovery is done via the distributeByOwner function, which the owner may call once the grace period after a contest has ended. It can be invoked for multiple reasons: cancelled contests, broken contracts, lost keys for the organizer role, etc. The owner supplies their own list of winner addresses, and can therefore take out all of the funds and refund them to the organizer.

// distributeByOwner: callable only after the grace period, but the payout still goes through _distribute
if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ProxyFactory__ContestIsNotExpired();
_distribute(proxy, data); // _distribute is where the 0.5% commission is paid to the fee receiver

The issue is that the commission is charged even in the case of cancellation. In the scenario of a broken contract or a cancelled event, the organizer is still forced to pay the 0.5% commission, because the fee payment is executed unconditionally inside _distribute. This results in unnecessary payments to the fee receiver.

Tools Used

Manual Review

Recommendations

Add a separate function to recover tokens which bypasses the fee payment.
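The sketch below is an added illustration, not Sparkn's ProxyFactory code. It places the reported pattern (owner recovery that reuses _distribute and therefore pays the commission) beside the recommended fix (a dedicated recovery function that moves the full balance back to the organizer without touching the fee logic). The contract name, the basis-point constants, the 7-day EXPIRATION_TIME value, the IERC20 surface and the `recoverByOwner` name are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token surface needed by the sketch (assumed, not from the page).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical distributor that mirrors the report: every payout, including
// owner-driven recovery, goes through _distribute and pays the commission.
contract DistributorSketch {
    uint256 public constant COMMISSION_BPS = 50;      // 0.5% in basis points (assumed encoding)
    uint256 public constant BPS_DENOMINATOR = 10_000;
    uint256 public constant EXPIRATION_TIME = 7 days; // grace period; value is an assumption

    address public immutable owner;
    address public immutable feeReceiver;
    mapping(bytes32 => uint256) public saltToCloseTime;

    error ContestIsNotExpired();
    error NotOwner();
    error LengthMismatch();

    constructor(address feeReceiver_) {
        owner = msg.sender;
        feeReceiver = feeReceiver_;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Reported pattern: recovery reuses _distribute, so the 0.5% fee is paid
    // even when the contest was cancelled or the organizer lost their keys.
    // Passing to = [organizer], amounts = [balance - fee] still leaves the fee
    // with feeReceiver.
    function distributeByOwner(
        bytes32 salt,
        IERC20 token,
        address[] calldata to,
        uint256[] calldata amounts
    ) external onlyOwner {
        if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ContestIsNotExpired();
        _distribute(token, to, amounts); // commission deducted here
    }

    // Recommended fix: a separate recovery path under the same expiry guard
    // that returns the whole balance to the organizer and never computes a fee.
    function recoverByOwner(bytes32 salt, IERC20 token, address organizer) external onlyOwner {
        if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ContestIsNotExpired();
        uint256 balance = token.balanceOf(address(this));
        require(token.transfer(organizer, balance), "transfer failed");
    }

    // Normal payout: pay each winner, then pay the commission on the total.
    function _distribute(IERC20 token, address[] calldata to, uint256[] calldata amounts) internal {
        if (to.length != amounts.length) revert LengthMismatch();
        uint256 total;
        for (uint256 i = 0; i < to.length; i++) {
            require(token.transfer(to[i], amounts[i]), "transfer failed");
            total += amounts[i];
        }
        uint256 fee = (total * COMMISSION_BPS) / BPS_DENOMINATOR;
        require(token.transfer(feeReceiver, fee), "fee transfer failed");
    }
}
```

The important design point is that `recoverByOwner` keeps the same expiry check as `distributeByOwner`, so the fix removes only the fee from the recovery path and does not widen when the owner may move funds.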
