Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Winner can grief by providing USDC blacklisted address, causing all transfers to fail

0xScourgedev

Summary

A winner can grief the other winners by providing a USDC blacklisted address, which will cause all transfers to the winners to fail.

Vulnerability Details

A winner can grief the other winners by providing a USDC blacklisted address, which will cause all transfers to the winners to fail. Thus preventing all of the winners from receiving funds.

Impact

A winner can grief the other winners by providing a USDC blacklisted address, which will cause all transfers to the winners to fail. Thus preventing all of the winners from receiving funds, which is unexpected behavior.

Tools Used

Manual analysis

Recommendations

Instead of trying to transfer the funds to each address, store in a state variable how many funds each address can withdraw and then create a withdraw function, where each participant can withdraw the funds their own. 1. In this case, if any participant is blacklisted, the remaining winners will be able to get the rest of the funds. Push over pull.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.