The fee collection function does not verify that the user has sufficient allowance and balance before invoking safeTransferFrom.
While the ERC-20 token’s transfer mechanism (via SafeERC20) will eventually revert if these conditions are not met, the function performs further operations and state updates before this failure is triggered.
Bad user experience and unnecessary gas costs.
Manual Review
Add explicit checks to verify that the sender’s allowance is at least equal to the amount to be transferred.
Similarly, check that the sender’s balance is sufficient:
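The recommended ordering, as an added illustration that is not the audited code: the contract name `FeeCollectorExample`, the `collectFee` function, the `feeToken`, `treasury`, `totalFeesCollected` and `feesPaidBy` state variables and the custom error names are all assumptions chosen for this example. The allowance and balance checks run first, the bookkeeping follows, and the SafeERC20 transfer remains as the final guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// @notice Hypothetical fee collector written to illustrate the recommendation above.
///         Names are assumptions for this example, not the audited contract's.
contract FeeCollectorExample {
    using SafeERC20 for IERC20;

    error InsufficientAllowance(uint256 required, uint256 available);
    error InsufficientBalance(uint256 required, uint256 available);

    IERC20 public immutable feeToken;
    address public immutable treasury;
    uint256 public totalFeesCollected;
    mapping(address => uint256) public feesPaidBy;

    constructor(IERC20 feeToken_, address treasury_) {
        feeToken = feeToken_;
        treasury = treasury_;
    }

    /// @dev Both preconditions are checked before any state is touched, so a caller
    ///      that cannot pay reverts with a descriptive error after only two view calls
    ///      instead of paying for the intermediate operations first.
    function collectFee(uint256 feeAmount) external {
        // Explicit allowance check: the contract must be approved for at least feeAmount.
        uint256 allowance_ = feeToken.allowance(msg.sender, address(this));
        if (allowance_ < feeAmount) revert InsufficientAllowance(feeAmount, allowance_);

        // Explicit balance check: the sender must actually hold at least feeAmount.
        uint256 balance_ = feeToken.balanceOf(msg.sender);
        if (balance_ < feeAmount) revert InsufficientBalance(feeAmount, balance_);

        // State updates happen only once the preconditions are known to hold.
        totalFeesCollected += feeAmount;
        feesPaidBy[msg.sender] += feeAmount;

        // SafeERC20 still guards against tokens that return false instead of reverting,
        // so the explicit checks complement it rather than replace it.
        feeToken.safeTransferFrom(msg.sender, treasury, feeAmount);
    }
}
```

The two view calls cost a small amount of gas on the success path, which is the trade-off for failing early with a specific error on the failure path. For fee-on-transfer or rebasing tokens the balance check alone does not guarantee that `treasury` receives exactly `feeAmount`; if such tokens are in scope, measure the treasury balance before and after the transfer rather than trusting the requested amount.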