Submission Details
Severity:
The manager cut will be lost forever and stuck in the ContestManager.sol contract when the contest is closed.
Vulnerability Details
The closePot function, can only be called by the owner. The function transfers the mangerCutPercent to the msg.sender when called. The problem here is that themsg.sender is the ContestManager.solcontract and there is no way to recover any token sent to it.
function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
//@audit H-4 funds will be lost as the contest manager can't widthdraw the funds
i_token.transfer(msg.sender, managerCut);
//@audit dust amount will be lost forever.
uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
//@audit H-02 ERC777 reverts
//@audit H-03 DOS if remaining token is less than the claimant
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
}
Impact
Loss of Manager Funds.
Tools Used
Manual Analysis
Recommendations
Allow the caller to pass a recipient address when closing the pot.
Apply the changes to the ContestManager contract.
function _closeContest(address contest) internal {
Pot pot = Pot(contest);
- pot.closePot();
+ pot.closePot(msg.sender);
}
Apply the changes to the Pot contract.
- function closePot() external onlyOwner {
+ function closePot(address to) external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
- i_token.transfer(msg.sender, managerCut);
+ i_token.transfer(to, managerCut);
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
}
Updates
Lead Judging Commences
equious about 1 year ago
Submission Judgement Published Assigned finding tags:
Owner's cut is stuck in ContestManager
Rewards breakdown
nSLOC
106This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.