MyCut

First Flight #23
Beginner Friendly, Foundry
Submission Details
Severity: high
Invalid

Unchecked return value in `transferFrom` and `transfer` calls, potentially leading to a loss of funds.

Vulnerability Details

The functions `ContestManager::fundContest`, `Pot::closePot`, and `Pot::_transferReward` do not verify the result of their `transferFrom` and `transfer` calls. If a transfer fails due to insufficient balance or any other reason, the function continues to execute without handling the error. This can result in silent transfer failures and potential loss of funds, as the system may proceed as if the transfers were successful.

Impact

The lack of proper error handling could lead to a situation where rewards or contest funds are not transferred correctly. Because no failure is triggered, the protocol and its users are exposed to potential fund loss.

Tools Used

Manual analysis

Recommendations

Always check the result of `transferFrom` and `transfer`. An example fix:

```solidity
function fundContest(uint256 index) public onlyOwner {
    Pot pot = Pot(contests[index]);
    IERC20 token = pot.getToken();
    uint256 totalRewards = contestToTotalRewards[address(pot)];
    require(token.balanceOf(msg.sender) >= totalRewards, "Insufficient funds");
    // Fix: capture the boolean returned by transferFrom and revert if it is false.
    bool success = token.transferFrom(msg.sender, address(pot), totalRewards);
    require(success, "Transfer failed");
}
```
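The failure mode this submission describes, as an added example that is not part of the submission or the MyCut code base: a constructed token that returns `false` instead of reverting, funded once through an unchecked path and once through a checked one. All contract and function names (`IToken`, `FalseOnFailToken`, `Funder`, `Demo`) are hypothetical, and allowance handling is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example with hypothetical names; not MyCut code. Allowance checks omitted.
interface IToken {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

// Constructed token that reports failure by returning false instead of reverting.
contract FalseOnFailToken is IToken {
    mapping(address => uint256) public override balanceOf;
    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        if (balanceOf[from] < amount) return false; // failure signalled only via return value
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract Funder {
    IToken public immutable token;
    bool public funded;
    constructor(IToken t) { token = t; }

    // Pattern from the finding: return value ignored, so bookkeeping runs regardless.
    function fundUnchecked(address pot, uint256 amount) external {
        token.transferFrom(msg.sender, pot, amount);
        funded = true;
    }

    // Recommended pattern: revert when the token reports failure.
    function fundChecked(address pot, uint256 amount) external {
        require(token.transferFrom(msg.sender, pot, amount), "Transfer failed");
        funded = true;
    }
}

contract Demo {
    // Demo holds no tokens, so every transferFrom below returns false.
    // The unchecked path still sets `funded` while the pot stays empty; the checked path reverts.
    function run() external returns (bool fundedFlag, uint256 potBalance, bool checkedReverted) {
        Funder funder = new Funder(new FalseOnFailToken());
        address pot = address(0xB0B); // constructed placeholder address
        funder.fundUnchecked(pot, 100);
        fundedFlag = funder.funded();
        potBalance = funder.token().balanceOf(pot);
        try funder.fundChecked(pot, 100) {} catch { checkedReverted = true; }
    }
}
```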
Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
