MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Unchecked transfer Operation in `Pot::_transferReward`

Summary

The `Pot::_transferReward` function uses an unchecked transfer operation to distribute rewards to users. This could result in situations where the reward transfer fails without detection, potentially leaving users without their expected rewards.

Vulnerability Details

The `_transferReward` function handles the distribution of rewards to individual users:

function _transferReward(address player, uint256 reward) internal {
    // The bool returned by transfer() is discarded here.
    i_token.transfer(player, reward);
}

This transfer operation does not check the return value to ensure the transfer was successful. If the transfer fails, the function will not revert, leading the contract to believe the transfer was successful when it was not.
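
Added example, not part of the submission or the MyCut code base: a constructed token that returns `false` on failure, and a hypothetical `PayoutDemo` contract (standing in for `Pot`) that pays out once with the unchecked call and once with OpenZeppelin's `safeTransfer`. The `owed` bookkeeping and all contract and function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed token (not from the MyCut code base): signals failure by
// returning false instead of reverting, as some non-standard ERC20s do.
contract FalseOnFailToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // no revert
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical stand-in for Pot, reduced to the reward payout.
contract PayoutDemo {
    using SafeERC20 for IERC20;

    IERC20 private immutable i_token;
    mapping(address => uint256) public owed; // assumed bookkeeping

    constructor(IERC20 token) { i_token = token; }

    function setOwed(address player, uint256 reward) external { owed[player] = reward; }

    // Unchecked: owed is cleared even when transfer returns false, so the
    // call succeeds, the player receives nothing, and the claim is gone.
    function claimUnchecked() external {
        uint256 reward = owed[msg.sender];
        owed[msg.sender] = 0;
        i_token.transfer(msg.sender, reward);
    }

    // Checked: safeTransfer reverts on a false return, which also rolls
    // back the owed[msg.sender] = 0 write above it.
    function claimChecked() external {
        uint256 reward = owed[msg.sender];
        owed[msg.sender] = 0;
        i_token.safeTransfer(msg.sender, reward);
    }
}
```

Deploy `PayoutDemo` with `IERC20(address(token))` and leave it unfunded: `claimUnchecked()` succeeds and zeroes `owed` while the player's token balance stays 0, whereas `claimChecked()` reverts and leaves `owed` intact.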

Impact

  • User Rewards: Users may not receive their rewards if the transfer fails.

  • Locked Funds: If rewards are not transferred as expected, they may remain locked in the contract, potentially leading to funds being stuck and unusable.

Tools Used

Manual Review

Slither

Recommendations

Implement the SafeERC20 library’s safeTransfer function to handle transfers and ensure the operation’s success:

function _transferReward(address player, uint256 reward) internal {
- i_token.transfer(player, reward);
+ i_token.safeTransfer(player, reward);
}
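
Review bot: on the `+ i_token.safeTransfer(player, reward);` line, `safeTransfer` is a library function, so this only compiles if the contract imports OpenZeppelin's `SafeERC20` and attaches it to the token's type with a `using SafeERC20 for IERC20;` directive (assuming `i_token` is declared as `IERC20`). Neither appears in the hunk; include both in the recommended change.
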
Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
