TSender

Cyfrin
DeFiFoundry
15,000 USDC
Submission Details
Severity: medium
Invalid

Lack of Total Amount Validation in areListsValid Function

Summary

The TSender::areListsValid function is missing validation of the total sum of amounts.

Vulnerability Details

Because of the missing check, TSender::areListsValid will return true even if the sum of amounts is bigger than totalAmount. Later, when TSender::airdropERC20 is invoked with the bad parameters, it will revert because it hits the check below.

    if (actualTotal != totalAmount) {
        revert TSender__TotalDoesntAddUp();
    }

We can avoid this by simply moving the check from TSender::airdropERC20 to TSender::areListsValid.
Doing this avoids the reverting transaction and saves the user some money, because even if the transaction reverts the user still pays for the gas.

The TSender::areListsValid function should return false if the sum of amounts is bigger than the totalAmount param in TSender::airdropERC20.

Impact

If the sum of the amounts array in TSender::airdropERC20 is bigger than totalAmount, then the transaction will revert at some point and no one will receive the airdrop.

Tools Used

Manual Review

Recommendations

TSender::areListsValid should return false if the sum of the amounts is bigger than totalAmount in TSender::airdropERC20.
Make sure totalAmount in TSender::airdropERC20 is equal to or less than the total of the amounts in TSender::areListsValid.
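
An off-chain pre-flight version of the total check, as an added example that is not part of the submission or of TSender's code. The names preflightTotal and toUint256 are hypothetical, amounts are assumed to be uint256 base units, and the comparison mirrors the `!=` in the quoted snippet, so a sum below totalAmount is flagged as well as one above it.

```javascript
// Added example: off-chain pre-flight for the totalAmount check quoted above.
// Function and field names are hypothetical, not part of TSender.
const UINT256_MAX = (1n << 256n) - 1n;

// Convert a caller-supplied value (string, number or bigint) to a uint256 BigInt.
function toUint256(value, label) {
  let v;
  try {
    v = BigInt(value);
  } catch {
    throw new TypeError(`${label} is not an integer: ${String(value)}`);
  }
  if (v < 0n || v > UINT256_MAX) {
    throw new RangeError(`${label} is outside the uint256 range`);
  }
  return v;
}

// Mirrors `actualTotal != totalAmount`: any difference, high or low, is a failure.
function preflightTotal(amounts, totalAmount) {
  const expected = toUint256(totalAmount, "totalAmount");
  let actualTotal = 0n;
  amounts.forEach((a, i) => {
    actualTotal += toUint256(a, `amounts[${i}]`);
  });
  if (actualTotal > UINT256_MAX) {
    return { ok: false, reason: "sum exceeds uint256", actualTotal, difference: null };
  }
  // difference > 0 means the list asks for more than totalAmount.
  const difference = actualTotal - expected;
  if (difference !== 0n) {
    return { ok: false, reason: "TSender__TotalDoesntAddUp", actualTotal, difference };
  }
  return { ok: true, reason: null, actualTotal, difference };
}

// Constructed sample input (base units of a 6-decimal token).
const sampleAmounts = ["1000000", "2500000", "500000"];
// Totals match, so the call would pass the check.
console.log(preflightTotal(sampleAmounts, "4000000"));
// Sum is bigger than totalAmount, the case described in the finding.
console.log(preflightTotal(sampleAmounts, "3000000"));
```

Running this before submitting the transaction catches the mismatch without spending gas on a call that would revert.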

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
