Snowman Merkle Airdrop

First Flight #42
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: medium
Likelihood: medium
Invalid

### [M-2] Potential Denial-of-Service (DoS) in `Snow::collectFee` Function

Description

Potential denial of service (DoS) in the `Snow::collectFee` function. The function relies on low-level calls to transfer ether to the collector. If the collector refuses to accept ether via its fallback, this disrupts fee collection and leaves the ETH frozen.

Impact:

1. ETH gets locked in the contract.

2. Fee collection may be delayed.

Proof of Concept

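```solidity
// Test function, placed inside the existing Foundry test contract.
function test_feecollectiondos() public {
    // Bob buys Snow with ETH so the contract holds an ether balance.
    vm.deal(bob, 10 ether);
    vm.startPrank(bob);
    snow.buySnow{value: 1e18}(1);
    vm.stopPrank();

    // The current collector hands the role to a contract that rejects ether.
    rejectingcollector rc = new rejectingcollector();
    vm.startPrank(collector);
    snow.changeCollector(address(rc));
    vm.stopPrank();

    // collectFee() reverts when the ether transfer to the collector fails.
    vm.startPrank(address(rc));
    snow.collectFee();
    vm.stopPrank();
}
} // closes the enclosing test contract (its opening is not shown)

// Collector contract that refuses all incoming ether.
contract rejectingcollector {
    fallback() external payable {
        revert(" i dont want ether");
    }

    receive() external payable {
        revert(" i dont want ether");
    }
}
```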
```
├─ [29924] Snow::collectFee()
│ ├─ [3240] MockWETH::balanceOf(Snow: [0x2e234DAe75C793f67A35089C9d99245E1C58470b]) [staticcall]
│ │ └─ ← [Return] 0
│ ├─ [9279] MockWETH::transfer(rejectingcollector: [0xF62849F9A0B5Bf2913b396098F7c7019b51A820a], 0)
│ │ ├─ emit Transfer(from: Snow: [0x2e234DAe75C793f67A35089C9d99245E1C58470b], to: rejectingcollector: [0xF62849F9A0B5Bf2913b396098F7c7019b51A820a], value: 0)
│ │ └─ ← [Return] true
│ ├─ [310] rejectingcollector::receive{value: 1000000000000000000}()
│ │ └─ ← [Revert] revert: i dont want ether
│ └─ ← [Revert] revert: Fee collection failed!!!
└─ ← [Revert] revert: Fee collection failed!!!
```

Recommended Mitigation

If the owner can change the collector, then this issue can be fixed.

+event EtherTransferFailed(address indexed collector, uint256 amount);
function collectFee() external onlyCollector {
uint256 collection = i_weth.balanceOf(address(this));
i_weth.transfer(s_collector, collection);
// Attempt to transfer Ether and handle failure gracefully
(bool collected, ) = payable(s_collector).call{
value: address(this).balance
}("");
if (!collected) {
+emit EtherTransferFailed(s_collector, address(this).balance);
}
}
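
Review bot: In the `if (!collected)` branch at the end of `collectFee`, emitting `EtherTransferFailed` instead of reverting lets the call succeed after `i_weth.transfer` has already run while the ether stays in the contract, and nothing in this snippet gives that ether another way out, so the locked-ETH impact described above is not addressed. Because the function is `onlyCollector` and pays `s_collector`, a collector that rejects ether only blocks its own payout; reverting on failure, as the trace above shows the current code doing, is the clearer behaviour, and if recovery is the goal the change should add an explicit path, for example letting the caller pass a recipient address that can receive ether. The return value of `i_weth.transfer(s_collector, collection)` is also unchecked and should be verified.
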
Updates

Lead Judging Commences

yeahchibyke Lead Judge
3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement