MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Invalid

`ContestManager::fundContest(uint256)` ignores the return value of `token.transferFrom(msg.sender, address(pot), totalRewards)`, allowing an attacker to exploit the contest.

Summary

The return value of the `token.transferFrom(msg.sender, address(pot), totalRewards)` call is not checked.

Vulnerability Details

```solidity
function fundContest(uint256 index) public onlyOwner {
    Pot pot = Pot(contests[index]);
    IERC20 token = pot.getToken();
    uint256 totalRewards = contestToTotalRewards[address(pot)];
    if (token.balanceOf(msg.sender) < totalRewards) {
        revert ContestManager__InsufficientFunds();
    }
    // @audit the bool returned by transferFrom is never checked
    token.transferFrom(msg.sender, address(pot), totalRewards);
}
```

Impact

If the token does not revert on a failed transfer and instead returns `false`, the call completes without moving any funds, and an attacker can manipulate the contract by controlling how the funds are managed.

Tools Used

Slither

Recommendations

Use SafeERC20, or ensure that the `transfer`/`transferFrom` return value is checked.

For example (the fragment below is completed from the contract's declared state and the `fundContest` body above; the `Pot` import path is assumed):

```solidity
pragma solidity ^0.8.20;

import {Ownable} from "lib/openzeppelin-contracts/contracts/access/Ownable.sol";
import {IERC20} from "lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";
import {Pot} from "./Pot.sol"; // assumed location of the MyCut Pot contract

contract ContestManager is Ownable {
    using SafeERC20 for IERC20;

    address[] public contests;
    mapping(address => uint256) public contestToTotalRewards;

    error ContestManager__InsufficientFunds();

    constructor() Ownable(msg.sender) {}

    function createContest(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards)
        public
        onlyOwner
        returns (address)
    {
        Pot pot = new Pot(players, rewards, token, totalRewards);
        contests.push(address(pot));
        contestToTotalRewards[address(pot)] = totalRewards;
        return address(pot);
    }

    function fundContest(uint256 index) public onlyOwner {
        Pot pot = Pot(contests[index]);
        IERC20 token = pot.getToken();
        uint256 totalRewards = contestToTotalRewards[address(pot)];
        if (token.balanceOf(msg.sender) < totalRewards) {
            revert ContestManager__InsufficientFunds();
        }
        // safeTransferFrom reverts if the token returns false or the call itself fails
        token.safeTransferFrom(msg.sender, address(pot), totalRewards);
    }
}
```
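As an added example (not part of the original submission or the MyCut code base), a Foundry test that reduces `fundContest` to its transfer step and runs it against a constructed token whose `transferFrom` returns `false` without reverting: the unchecked version completes while the pot stays empty, and the SafeERC20 version reverts. The mock token, the two funder contracts and the import paths are assumptions.

```solidity
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {IERC20} from "lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed mock: tracks balances, but its transferFrom never moves funds and
/// reports failure with `false` instead of reverting.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    constructor(address holder, uint256 supply) { balanceOf[holder] = supply; }
    function transferFrom(address, address, uint256) external pure returns (bool) { return false; }
}

/// Transfer step of the original fundContest: the bool return value is dropped.
contract UncheckedFunder {
    function fund(IERC20 token, address pot, uint256 amount) external {
        token.transferFrom(msg.sender, pot, amount);
    }
}

/// Transfer step of the recommended fundContest: a false return becomes a revert.
contract SafeFunder {
    using SafeERC20 for IERC20;
    function fund(IERC20 token, address pot, uint256 amount) external {
        token.safeTransferFrom(msg.sender, pot, amount);
    }
}

contract UncheckedTransferFromTest is Test {
    IERC20 token;
    address pot = address(0xBEEF); // stand-in for the Pot contract

    function setUp() public {
        // this test contract plays the contest owner who funds the pot
        token = IERC20(address(new FalseReturningToken(address(this), 1_000e18)));
    }

    function test_uncheckedFundSucceedsButPotStaysEmpty() public {
        new UncheckedFunder().fund(token, pot, 1_000e18); // completes without reverting
        assertEq(token.balanceOf(pot), 0, "pot received nothing");
        assertEq(token.balanceOf(address(this)), 1_000e18, "owner still holds the rewards");
    }

    function test_safeFundRevertsOnFalseReturn() public {
        SafeFunder funder = new SafeFunder();
        vm.expectRevert();
        funder.fund(token, pot, 1_000e18);
    }
}
```

Run with `forge test --match-contract UncheckedTransferFromTest -vv`; the first test passing while the pot balance is zero is the behaviour the Impact section describes.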
Updates

Lead Judging Commences

equious, Lead Judge, 12 months ago
Submission Judgement Published
Invalidated
Reason: Other
