The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Users will lose their funds when claiming rewards in the function`LiquidationPool.sol`::`claimRewards()` using transfer

kwakudr

Summary

Users will lose their funds when claiming rewards in the functionLiquidationPool.sol::claimRewards() using transfer

Vulnerability Details

The ERC20 transfer function sends 2300 gas to be used by the receiving contract. When gas prices are really high, users will not be able to claim their rewards since it will require more than the 2300 gas.

Impact

users also will not receive their rewards. If the transfer fails but the contract proceeds as if it was successful (e.g., updating balances, deleting claims), the contract's state could be inconsistent with the actual token balances.

Tools Used

Manual Review

Recommendations

The transfer method is limited to 2300 gas, which might not be sufficient for all ERC20 tokens (especially those with complex logic in their transfer functions). Consider using safeTransfer from OpenZeppelin's SafeERC20 library.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

informational/invalid

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.