Submission Details
Severity:
Token will lock in game contract by transfering directly to the contract lead to stuck tokens in the contract.
Description
There is no function that restrict user to transfer `WinningToken` directly to the game contract. There is mechanism to join the game with token, which tranfer token from caller to the game contract. What if the user tranfer token directly to the game contract? Also contract does not have any container to store the tranfered token from user, The user will loss their token and permanently lock into contract.
Impact
User will lost their tokens results into stuck permanently into the game contract.
Proof of Concept
Add this function into the test file.
```javascript
function test_sendTokenDirectlyToTheGameContract() public {
vm.prank(playerA);
token.transfer(address(game), 1);
assertEq(token.balanceOf(address(game)), 1);
}
```
Recommendations
Protocol should implement the appropriate transfer function which disallow normal user to transfer directly to the contract, Or make the transfer function only callable by the owner.
Make this changes into `WinningToken.sol`
```diff
+ function transfer(address to, uint256 value) public pure override returns (bool) {
+ revert("Direct transfer of the token is not possible");
+ }
```
Updates
Appeal created
m3dython 4 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Informational
Code suggestions or observations that do not pose a direct security risk.
m3dython 4 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Informational
Code suggestions or observations that do not pose a direct security risk.
Rewards breakdown
nSLOC
349This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.