DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

Not using `safeTransfer` can cause reward loss for auction players

Summary

In the auction contract, `auctionToken.transfer` is used instead of `safeTransfer`. If something unexpected happens and the transfer fails, the user does not receive their rewards and cannot claim again.

Vulnerability Details

In the claimTokens function:

    function claimTokens() external {
        if (!ended) {
            revert AuctionNotYetEnded();
        }
        uint256 userBids = bids[msg.sender];
        if (userBids == 0) {
            revert NoTokensToClaim();
        }
        uint256 claimable = userBids.mul(multiplier).div(PRECISION_18);
        bids[msg.sender] = 0;
        auctionToken.transfer(msg.sender, claimable);
        emit TokensClaimed(msg.sender, claimable);
    }

Here `transfer` is used. Some tokens do not revert on transfer failure and instead return false. In that case the function finishes executing normally, but the user does not receive their share of the prize, and their bid is cleared to zero, which prevents them from claiming again.

Impact

For some tokens, a failed transfer means the user does not receive their share of the auction token, causing a loss of funds.

Tools Used

Manual review

Recommendations

Use `safeTransfer` for the token transfer instead.
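The recommendation above, as an added example that is not the audited project's code: a hand-written return-value check in `claimTokens`, next to a constructed token that returns false on failure. `IERC20Like`, `FalseReturningToken`, `HardenedAuctionClaim`, `TokenTransferFailed` and the seeding constructor are hypothetical names; Solidity 0.8 checked arithmetic stands in for the original `mul`/`div` calls.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example; names not on the page are hypothetical.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token: signals failure by returning false instead of reverting.
// Nothing is ever minted, so every non-zero transfer fails this way.
contract FalseReturningToken is IERC20Like {
    mapping(address => uint256) public balanceOf;
    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false;
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract HardenedAuctionClaim {
    uint256 internal constant PRECISION_18 = 1e18;
    IERC20Like public immutable auctionToken;
    mapping(address => uint256) public bids;
    uint256 public multiplier;
    bool public ended;

    error AuctionNotYetEnded();
    error NoTokensToClaim();
    error TokenTransferFailed();
    event TokensClaimed(address indexed user, uint256 amount);

    // Hypothetical setup: seeds one bid and marks the auction as ended.
    constructor(IERC20Like token, address bidder, uint256 bid, uint256 mult) {
        auctionToken = token;
        multiplier = mult;
        ended = true;
        bids[bidder] = bid;
    }

    function claimTokens() external {
        if (!ended) revert AuctionNotYetEnded();
        uint256 userBids = bids[msg.sender];
        if (userBids == 0) revert NoTokensToClaim();
        uint256 claimable = (userBids * multiplier) / PRECISION_18;
        bids[msg.sender] = 0;
        // Revert on a failed call or a false return, which rolls back the zeroed bid.
        (bool ok, bytes memory ret) = address(auctionToken).call(
            abi.encodeCall(IERC20Like.transfer, (msg.sender, claimable)));
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) revert TokenTransferFailed();
        emit TokensClaimed(msg.sender, claimable);
    }
}
```

Deployed against `FalseReturningToken`, a claim by the seeded bidder reverts with `TokenTransferFailed` and `bids[bidder]` keeps its value, so the claim can be retried. OpenZeppelin's `SafeERC20.safeTransfer` performs the same return-value check and also rejects a target address that has no code, which this short version does not.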

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
