MyCut

First Flight #23
Beginner Friendly, Foundry

Submission Details
Severity: high
Invalid

No check that the Pot contract holds enough tokens to fulfil the reward before attempting the transfer

Summary

The claimCut function in the Pot contract transfers tokens to a player based on the reward amount stored in playersToRewards. However, it never checks whether the contract holds enough tokens to cover that amount before calling _transferReward.

function claimCut() public {
    address player = msg.sender;
    uint256 reward = playersToRewards[player];
    if (reward <= 0) {
        revert Pot__RewardNotFound();
    }
    playersToRewards[player] = 0;
    remainingRewards -= reward;
    claimants.push(player);
    _transferReward(player, reward);
}

Vulnerability Details

The PoC below simulates a player claiming a reward that is larger than the token balance the Pot contract currently holds.

The setUp function deploys a mock ERC20 token and a Pot contract with a single player whose reward is set to 1000 tokens.

The testClaimCutRevertsIfInsufficientFunds function transfers only 500 tokens to the Pot contract, deliberately less than the player's 1000-token reward, so the contract cannot fulfil the claim.

vm.startPrank(player) makes the following calls come from the player, who then attempts to claim the reward through claimCut.

vm.expectRevert() asserts that the transaction reverts because the Pot contract does not hold enough tokens to pay the reward. Since claimCut performs no balance check of its own, any revert must come from the token transfer inside _transferReward, so the failure surfaces as a generic token error rather than a Pot-specific one.

If the contract did not revert when it holds insufficient funds, that would indicate a vulnerability that players could exploit to drain funds or leave the contract in an inconsistent state.

The PoC is PotTest.sol below; run it with forge test --match-path PotTest.sol


// SPDX-License-Identifier: T
pragma solidity ^0.8.20;

import "forge-std/Test.sol"; // Foundry's std library: vm cheatcodes and assertions
import "../src/Pot.sol"; // Adjust to the path of your Pot contract
import "./ERC20Mock.sol"; // Adjust to the path of your mock token contract

contract PotTest is Test {
    Pot private pot;
    ERC20Mock private i_token;
    address private player;
    address private owner;

    function setUp() public {
        address[] memory players = new address[](1);
        uint256[] memory rewards = new uint256[](1);
        player = address(1);
        owner = address(this); // the test contract holds the mock token supply

        // Deploy the mock token; the owner (this test contract) receives 2000 tokens
        i_token = new ERC20Mock("MockToken", "MT", owner, 2000);

        players[0] = player;
        rewards[0] = 1000; // the player's reward exceeds what the Pot will be funded with

        pot = new Pot(players, rewards, IERC20(address(i_token)), 1000);
        // The Pot is deliberately not funded here: the test below sends only
        // 500 tokens so that the 1000-token claim cannot be covered
    }

    function testClaimCutRevertsIfInsufficientFunds() public {
        // Fund the Pot with fewer tokens than the player's reward
        i_token.transfer(address(pot), 500);

        vm.startPrank(player);
        // The revert reason is not checked because Pot has no dedicated error;
        // with a balance check in place this could become
        // vm.expectRevert(Pot.Pot__InsufficientFunds.selector)
        vm.expectRevert();
        pot.claimCut();
        vm.stopPrank();
    }
}

Impact

If the contract does not hold enough tokens, the transfer fails and the player does not receive the reward. Users are unable to claim rewards they are owed while the contract is underfunded, and because the revert originates in the token transfer rather than in the Pot contract, the failure is harder to diagnose from the error alone.

Tools Used

Foundry

Recommendations

Before transferring, check that the Pot contract's token balance covers the reward and revert with a dedicated error if it does not. This makes an underfunded Pot fail early and with a clear reason instead of surfacing a generic token-transfer error.
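One way to implement this check, as an added example that is not the MyCut project's own code: the claimCut function below keeps the storage names from the snippet above (playersToRewards, remainingRewards, claimants, i_token, Pot__RewardNotFound) and adds a balance check that reverts with Pot__InsufficientFunds, the error name that appears in the PoC's commented-out selector. The constructor shape, the error's parameters and the use of OpenZeppelin's SafeERC20 are assumptions made for this example, not the project's design.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Example hardened Pot (not the project's code): same claim flow as the
// snippet on this page, plus an explicit balance check before the transfer
contract PotHardened {
    using SafeERC20 for IERC20;

    error Pot__RewardNotFound();
    // Assumed error shape: report what was available and what was required
    error Pot__InsufficientFunds(uint256 available, uint256 required);

    IERC20 private immutable i_token;
    mapping(address => uint256) private playersToRewards;
    uint256 private remainingRewards;
    address[] private claimants;

    // Assumed constructor, mirroring the argument order used by the PoC
    constructor(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards) {
        require(players.length == rewards.length, "players/rewards length mismatch");
        i_token = token;
        remainingRewards = totalRewards;
        for (uint256 i = 0; i < players.length; i++) {
            playersToRewards[players[i]] = rewards[i];
        }
    }

    function claimCut() public {
        address player = msg.sender;
        uint256 reward = playersToRewards[player];
        if (reward == 0) {
            revert Pot__RewardNotFound();
        }

        // The added check: fail fast with a Pot-specific error when the
        // contract does not hold enough tokens to pay this reward
        uint256 available = i_token.balanceOf(address(this));
        if (available < reward) {
            revert Pot__InsufficientFunds(available, reward);
        }

        // Effects before the external call (checks-effects-interactions)
        playersToRewards[player] = 0;
        remainingRewards -= reward;
        claimants.push(player);

        // safeTransfer also reverts on a false return value, so a token that
        // signals failure without reverting cannot silently zero out the reward
        i_token.safeTransfer(player, reward);
    }

    function rewardOf(address player) external view returns (uint256) {
        return playersToRewards[player];
    }
}
```

With this check in place the PoC can assert on the exact failure, for instance vm.expectRevert(abi.encodeWithSelector(PotHardened.Pot__InsufficientFunds.selector, 500, 1000)) for a Pot funded with 500 tokens and a 1000-token reward. The check only makes an underfunded Pot fail loudly and early; it does not by itself ensure the Pot is funded, so the deployment still has to transfer at least the sum of all rewards to the contract before claims open.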

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

ghufranhassan1 Submitter about 1 year ago

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
