Potential Reversion of safeTransferFrom in distributeAssets Function Due to Insufficient Allowance
Summary
The distributeAssets function within the smart contract may revert when attempting to execute safeTransferFrom. This occurs if the caller is not the manager, or if the manager has not set a sufficient token allowance for the LiquidationPool contract.
Vulnerability Details
The contract's distributeAssets function includes a safeTransferFrom call to transfer tokens from the manager's address to the contract's address. If the caller of distributeAssets is not the manager, or if the manager has not authorized the LiquidationPool contract to transfer the required amount of tokens on their behalf (via the approve function in ERC20 tokens), the safeTransferFrom call will fail.
Impact
The reversion of the safeTransferFrom call prevents the distributeAssets function from executing successfully, which can halt the entire distribution process, leading to a failure in the intended operation of the contract. This can impair the liquidity pool's functionality, potentially affecting all stakeholders relying on the timely execution of asset distributions.
Tools Used
Manual Review
Recommendations
Implement a check to ensure that distributeAssets can only be called by the manager, or that the manager has set the necessary allowance for the LiquidationPool contract.
Lead Judging Commences
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.