MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Invalid

ERC777 tokens can DoS the closePot function by forcing it to revert.

Vulnerability Details

When the pot is closed, the remaining rewards are sent to the people who already claimed their rewards. The problem is that ERC777 tokens call the recipient's `tokensReceived` hook (through `_callTokensReceived`) on every transfer, so a malicious recipient can make the transfer fail by reverting inside that hook, which reverts the whole closePot transaction.

The malicious contract can revert the tokensReceived call.

function _callTokensReceived(
    address operator,
    address from,
    address to,
    uint256 amount,
    bytes memory userData,
    bytes memory operatorData,
    bool requireReceptionAck
)
    private
{
    address implementer = _erc1820.getInterfaceImplementer(to, TOKENS_RECIPIENT_INTERFACE_HASH);
    if (implementer != address(0)) {
@->     IERC777Recipient(implementer).tokensReceived(operator, from, to, amount, userData, operatorData);
    } else if (requireReceptionAck) {
        require(!to.isContract(), "ERC777: token recipient contract has no implementer for ERC777TokensRecipient");
    }
}

Impact

  • Unclaimed funds remain stuck forever.

  • Managers are unable to claim their cut.

Tools Used

Manual Analysis

Recommendations

Do not push the funds to all the claimants inside the closePot function; instead, create a function for single transfers and a function for batch transfers to the claimants, so that one reverting recipient cannot block everyone else's payout.
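The push-based distribution beside the pull-based alternative recommended above, as an added illustration that is not MyCut's own code. The contract, the `remainderOwed` mapping, `closePotPush`, `closePotPull` and `withdrawRemainder` are assumed names, and the share is split evenly only to keep the example short.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical minimal pot used to contrast the two distribution patterns.
contract PotRemainder {
    using SafeERC20 for IERC20;
    IERC20 public immutable token;
    address public immutable manager;
    address[] public claimants;                      // everyone who already claimed
    mapping(address => uint256) public remainderOwed; // pull-pattern bookkeeping
    bool public closed;

    constructor(IERC20 _token, address[] memory _claimants) {
        require(_claimants.length > 0, "no claimants");
        token = _token;
        manager = msg.sender;
        claimants = _claimants;
    }

    // VULNERABLE pattern: pushes tokens to every claimant in one loop.
    // With an ERC777 token, a claimant whose tokensReceived hook reverts
    // makes the whole call revert, so the pot can never be closed.
    function closePotPush() external {
        require(msg.sender == manager, "not manager");
        uint256 share = token.balanceOf(address(this)) / claimants.length;
        for (uint256 i = 0; i < claimants.length; i++) {
            token.safeTransfer(claimants[i], share); // one revert blocks all
        }
    }

    // HARDENED pattern: closing only records what each claimant is owed.
    function closePotPull() external {
        require(msg.sender == manager, "not manager");
        require(!closed, "already closed");
        uint256 share = token.balanceOf(address(this)) / claimants.length;
        for (uint256 i = 0; i < claimants.length; i++) {
            remainderOwed[claimants[i]] += share;    // no external call here
        }
        closed = true;
    }

    // Each claimant pulls its own share; a reverting hook only hurts that claimant.
    function withdrawRemainder() external {
        uint256 amount = remainderOwed[msg.sender];
        require(amount > 0, "nothing owed");
        remainderOwed[msg.sender] = 0;               // effects before interaction
        token.safeTransfer(msg.sender, amount);
    }
}
```

The same pull pattern applies to the manager's cut: record it in closePotPull and let the manager withdraw it separately, so no claimant's hook can hold it hostage.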

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
