The transfer logic assumes that it will never face failure when transfering.
The method Pot::_transferReward is responsible for sending rewards to claimants. However, it does not check if the transfer was successful.
The documentation does not specify which exact ERC20 tokens will be used, so this leads to the opportunity of using tokens that do not revert in case of failure and return false.
Funds could remain locked, uncertainness of the funds transfer status
Manual Review, Slither
Consider one of the following approaches
Validate the returned result:
Track which transfer failed and for those users who for some reason cannot receive reward, let the manager take their price instead to void funds lock.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.