MyCut

First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: high
Invalid

Unchecked Transfer

Summary

no check on transfer success

Vulnerability Details

in ContestManager.sol , line 37

function fundContest(uint256 index) public onlyOwner {
Pot pot = Pot(contests[index]);
IERC20 token = pot.getToken();
uint256 totalRewards = contestToTotalRewards[address(pot)];
if (token.balanceOf(msg.sender) < totalRewards) {
revert ContestManager__InsufficientFunds();
}
// @audit no check on success of the transfer, usage of safeERC20 library recommended
token.transferFrom(msg.sender, address(pot), totalRewards);
}

Impact

contest can be considered funded without actually transferring the required tokens.

Tools Used

slither

Recommendations

usage of SafeERC20

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.