MyCut

First Flight #23
Beginner Friendly, Foundry
Severity: high
Invalid

No Verification of Token Approval

Summary

The fundContest function does not verify if the ContestManager contract has been approved to transfer the required amount of tokens on behalf of the sender.

Vulnerability Details

The function proceeds with the transferFrom call without checking if the sender has granted sufficient allowance to the ContestManager.

Impact

If the allowance is insufficient, the transferFrom operation will fail, leading to failed transactions and an inability to fund contests as intended.

Tools Used

Manual Review

Recommendations

Verify the token allowance before proceeding with the transferFrom operation.

```solidity
require(token.allowance(msg.sender, address(this)) >= totalRewards, "Insufficient allowance");
```

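
The recommended check in context, as an added example that is not part of the original submission or the MyCut code base: a hypothetical `FundingExample` contract whose `fund` function reports the approved and required amounts on failure and also checks the `transferFrom` return value. The contract, function, error, and event names and the `recipient` parameter are assumptions; the sender balance check is an addition beyond the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed here (standard function signatures).
interface IERC20 {
    function allowance(address owner, address spender) external view returns (uint256);
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical funder contract for illustration; not the MyCut ContestManager.
contract FundingExample {
    error InsufficientAllowance(uint256 approved, uint256 required);
    error InsufficientBalance(uint256 available, uint256 required);
    error TransferFailed();

    event Funded(address indexed funder, address indexed recipient, uint256 amount);

    /// @param token        ERC-20 used for rewards
    /// @param recipient    address that should hold the rewards (assumed parameter)
    /// @param totalRewards amount to pull from msg.sender
    function fund(IERC20 token, address recipient, uint256 totalRewards) external {
        // Pre-flight check from the recommendation: fail early with a reason
        // the caller can act on (approve more, then retry).
        uint256 approved = token.allowance(msg.sender, address(this));
        if (approved < totalRewards) revert InsufficientAllowance(approved, totalRewards);

        // Added beyond the recommendation: the same early failure for balance.
        uint256 available = token.balanceOf(msg.sender);
        if (available < totalRewards) revert InsufficientBalance(available, totalRewards);

        // A token that signals failure by returning false instead of reverting
        // would otherwise leave the recipient unfunded without any error.
        bool ok = token.transferFrom(msg.sender, recipient, totalRewards);
        if (!ok) revert TransferFailed();

        emit Funded(msg.sender, recipient, totalRewards);
    }
}
```
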
Updates

Lead Judging Commences

equious Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
