Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low

Coins with low decimals could cause inaccurate reward calculation

Summary

If the developers whitelist a token with a low number of decimals, there is a potential for the distribution to fail.

Vulnerability Details

Inside the distribution function, there is an expression that calculates how much each winner should receive. The issue is with how the amount is calculated:

uint256 amount = totalAmount * percentages[i] / BASIS_POINTS;

For example, take an imaginary token X that uses only 6 decimal places. After an organizer creates a contest and sends 0.005 X (5000 base units) to the contract, it is impossible to distribute the funds correctly if a winner's percentage is too low. (At the time of writing this, 0.005 BTC is worth around $135; I mention this to show that the scenario is plausible, even though the developers mention they want to use stablecoins in Sparkn.)

In Solidity, 5000 * 1 / 10,000 evaluates to zero, because integer division truncates and 10,000 does not fit into 5000 even once.

Impact

This could cause funds to be lost inside of Proxy contracts forever if a token uses a low number of decimals and/or a winner has a low winning percentage.

Tools Used

Manual Review

Recommendations

Implement a conditional that ensures the amount is over some threshold, or just add decimals/zeros on the end of the numbers before dividing them.
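
One way to implement the threshold check recommended above, as an added example that is not Sparkn's code or part of the original submission. The contract, function and error names are hypothetical; only the payout expression and the BASIS_POINTS value of 10,000 come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added example (hypothetical names): the payout expression from the finding,
/// plus a guard that rejects a distribution in which any winner rounds to zero.
contract PayoutMathExample {
    uint256 public constant BASIS_POINTS = 10000;

    error ZeroPayout(uint256 winnerIndex, uint256 totalAmount, uint256 percentage);

    /// Same expression as in the finding; integer division truncates toward zero.
    function payout(uint256 totalAmount, uint256 percentage) public pure returns (uint256) {
        return totalAmount * percentage / BASIS_POINTS;
    }

    /// Smallest totalAmount (in token base units) for which `percentage` pays
    /// at least one base unit: the ceiling of BASIS_POINTS / percentage.
    function minTotalFor(uint256 percentage) public pure returns (uint256) {
        require(percentage > 0 && percentage <= BASIS_POINTS, "bad percentage");
        return (BASIS_POINTS + percentage - 1) / percentage;
    }

    /// Computes every winner's amount and reverts if one of them is zero.
    /// Assumes the percentages sum to at most BASIS_POINTS; otherwise the
    /// final subtraction reverts on underflow.
    function checkedPayouts(uint256 totalAmount, uint256[] memory percentages)
        public
        pure
        returns (uint256[] memory amounts, uint256 undistributed)
    {
        amounts = new uint256[](percentages.length);
        uint256 paid = 0;
        for (uint256 i = 0; i < percentages.length; i++) {
            uint256 amount = payout(totalAmount, percentages[i]);
            // With totalAmount = 5000 and percentages[i] = 1 this is the
            // 5000 * 1 / 10,000 case from the finding, so the call reverts.
            if (amount == 0) revert ZeroPayout(i, totalAmount, percentages[i]);
            amounts[i] = amount;
            paid += amount;
        }
        // Base units left over after truncation in each individual payout.
        undistributed = totalAmount - paid;
    }
}
```

For a 1 basis point share, minTotalFor returns 10,000 base units, which is 0.01 X for the 6-decimal token in the example above.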
