The _transferReward() function itself is not directly vulnerable to a denial-of-service (DoS) attack, as it simply calls the transfer function on the ERC20 token contract. However, unusual behavior or restrictions in the token (e.g., blacklisting addresses, transfer limits) can result in unsuccessful transfers, and a token transfer failure could cause a functional failure.
If the ERC20 token contract has unusual behavior or restrictions (e.g., blacklisting addresses, transfer limits), it could prevent successful transfers, effectively causing a DoS for affected users.
Slither
Implementing a pull-over-push strategy involves allowing users to withdraw their rewards themselves, rather than the contract automatically sending rewards to them. This can help mitigate issues like failed transfers and gas limitations. A strategy to implement this is to store rewards, modify claimCut(), and add a withdrawReward() function.
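A sketch of the pull-over-push change described above, added here as an example and not taken from the audited contract. Only claimCut() and withdrawReward() are names from this finding; the contract name, storage layout, constructor, errors and events are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface, declared inline so the example is self-contained.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract: every name except claimCut() and withdrawReward() is assumed.
contract PullRewardPot {
    IERC20 public immutable token;                // assumed reward token
    mapping(address => uint256) public allocated; // assumed: each player's unclaimed cut
    mapping(address => uint256) public pending;   // stored rewards awaiting withdrawal

    error NothingToClaim();
    error NothingToWithdraw();
    error TransferFailed();

    event RewardCredited(address indexed player, uint256 amount);
    event RewardWithdrawn(address indexed player, uint256 amount);

    constructor(IERC20 _token, address[] memory players, uint256[] memory cuts) {
        require(players.length == cuts.length, "length mismatch");
        token = _token;
        for (uint256 i = 0; i < players.length; i++) allocated[players[i]] = cuts[i];
    }

    // Bookkeeping only: no external call, so a restricted or blacklisting
    // token cannot make the claim itself revert.
    function claimCut() external {
        uint256 reward = allocated[msg.sender];
        if (reward == 0) revert NothingToClaim();
        allocated[msg.sender] = 0;
        pending[msg.sender] += reward; // store the reward instead of pushing it
        emit RewardCredited(msg.sender, reward);
    }

    // The transfer happens here, paid for and triggered by the recipient.
    // A failing transfer reverts only this caller's transaction, which also
    // restores their pending balance; other users are unaffected.
    function withdrawReward() external {
        uint256 amount = pending[msg.sender];
        if (amount == 0) revert NothingToWithdraw();
        pending[msg.sender] = 0; // effects before interaction
        if (!token.transfer(msg.sender, amount)) revert TransferFailed();
        emit RewardWithdrawn(msg.sender, amount);
    }
}
```

Tokens that return no boolean from transfer would need a safe-transfer wrapper such as OpenZeppelin's SafeERC20 in place of the direct call.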