MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Manager's cut of the unclaimed rewards is sent to the `ContestManager` contract's address ,making them inaccessible

14xSachet

Description After the deadline of a particular contest has passed, the manager calls the closePot::Pot.sol function to close the pot and claim 10 percent cut of the unclaimed rewards. The token amount calculated is transfered to the msg.sender, which is the ContestManager contract.

The tokens transferred to the ContestManager contract address can never be transfered to any other address. This leads to tokens being stuck in the contract and a loss for the manager.

Impact The tokens transferred to the ContestManager contract remains stuck forever causing a loss to the manager who never receives his cut.

Recommended Mitigation Transfer the tokens to owner's address of the ContestManger contract rather than sending it to the contract itself.

+ import {ContestManager} from "../src/ContestManager.sol";
.
.
.
function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
+ i_token.transfer(ContestManager(msg.sender).owner(),managerCut)
- i_token.transfer(msg.sender, managerCut);
...
Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Owner's cut is stuck in ContestManager

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.