MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Potential Fund Locking in `ContestManager::fundContest`

esoetheric

Summary

The ContestManager::fundContest function allows funding after a contest's expiration, which can lead to permanent fund locking.

Vulnerability Details

The ContestManager::fundContest function permits multiple funding attempts even after the contest has expired. Funds sent to expired contests may remain locked if no mechanism exists to retrieve them.

Impact

Funds could become permanently locked if there is no method for reclaiming them after the contest has expired.

Tools Used

Manual code review.

Recommendations

Allow funding only a single time, a very fast solution might be to add a mapping to verify if a contest has been funded before, for instance we could add:

mapping(address => bool) public funded;

Then we could refactor ContestManager::fundContest like this:

function fundContest(uint256 index) public onlyOwner {
Pot pot = Pot(contests[index]);
require(!funded[address(pot)]);
IERC20 token = pot.getToken();
uint256 totalRewards = contestToTotalRewards[address(pot)];
if (token.balanceOf(msg.sender) < totalRewards) {
revert ContestManager__InsufficientFunds();
}
funded[address(pot)] = true;
token.transferFrom(msg.sender, address(pot), totalRewards);
}
Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

esoetheric Submitter
about 1 year ago
esoetheric Submitter
about 1 year ago
equious Lead Judge
about 1 year ago
equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.