The fundContest
function does not verify if the ContestManager
contract has been approved to transfer the required amount of tokens on behalf of the sender.
The function proceeds with the transferFrom
call without checking if the sender has granted sufficient allowance to the ContestManager
.
If the allowance is insufficient, the transferFrom
operation will fail, leading to failed transactions and an inability to fund contests as intended.
Manual Review
Verify the token allowance before proceeding with the transferFrom
operation.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.