TSender

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

function doesnt assumed failed transfer

sm2368688

The flaw lies in the assumption that a failed transfer within the loop won't affect the addedAmount variable.

Here's a breakdown of the issue:

Incomplete addedAmount Update:

The code updates addedAmount only after a successful transfer: addedAmount := add(addedAmount, mload(0x24)).
If a transfer fails (causing a revert within the loop), the addedAmount wouldn't be incremented for that specific recipient.

Mismatched Totals:
In case of a failed transfer, the totalAmount might not be fully distributed, leading to a mismatch between the intended and actual transferred amounts.
The final check if iszero(eq(addedAmount, totalAmount)) might still pass even if some transfers failed, as addedAmount wouldn't reflect the missing transfers.

Consequences:

The airdrop might not distribute the intended total amount if some transfers fail.
The final check wouldn't accurately reflect the actual transferred amount, potentially masking issues during the airdrop process.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

256

59 USDC / LOC

High Medium

12,500 USDC

Low

1,375 USDC

Judges

1,125 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.