Snowman Merkle Airdrop

First Flight #42
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: high
Likelihood: medium
Invalid

Fee collection can fail and lock funds permanently

Fee collection can fail and lock funds permanently due to unsafe transfer methods in Snow::collectFee

Description: The collectFee function uses the unsafe transfer() method for WETH tokens instead of the recommended safeTransfer(), which can fail silently and lock funds in the contract permanently.

    function collectFee() external onlyCollector {
        uint256 collection = i_weth.balanceOf(address(this));
        i_weth.transfer(s_collector, collection); // ❌ Unsafe transfer
        (bool collected,) = payable(s_collector).call{value: address(this).balance}("");
        require(collected, "Fee collection failed!!!");
    }

Additionally, the function defines a FeeCollected() event but never actually emits it.

Impact: Fee collection can fail, locking funds permanently in the contract.

Recommended Mitigation: Use safe transfer methods and proper error handling:

    // safeTransfer comes from OpenZeppelin's SafeERC20 (needs: using SafeERC20 for IERC20;)
    function collectFee() external onlyCollector {
        uint256 wethBalance = i_weth.balanceOf(address(this));
        uint256 ethBalance = address(this).balance;
        if (wethBalance > 0) {
            i_weth.safeTransfer(s_collector, wethBalance); // ✅ Safe transfer
        }
        if (ethBalance > 0) {
            (bool success,) = payable(s_collector).call{value: ethBalance}("");
            if (!success) {
                revert S__FeeCollectionFailed();
            }
        }
        emit FeeCollected(); // ✅ Actually emit the event
    }

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
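
The unchecked-return pattern the submission describes, as an added example that is not code from the Snow contract, the submission, or the judge. `FalseReturningToken` and `FeeVault` are hypothetical names, and the token is constructed to return `false` instead of reverting; that is an assumption about the token, not a statement about how WETH behaves.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token (hypothetical): reports failure by returning false, never reverts.
contract FalseReturningToken is IERC20Like {
    mapping(address => uint256) public override balanceOf;
    bool public paused; // while true, every transfer() returns false

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function setPaused(bool p) external { paused = p; }

    function transfer(address to, uint256 amount) external override returns (bool) {
        if (paused || balanceOf[msg.sender] < amount) return false;
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical vault with the same shape as collectFee's token leg.
contract FeeVault {
    IERC20Like public immutable token;
    address public immutable collector;

    event FeeCollected(uint256 amount);
    error TransferFailed();

    constructor(IERC20Like t, address c) { token = t; collector = c; }

    // Return value discarded: with the token paused this call succeeds,
    // emits FeeCollected, and moves nothing. The balance stays in the vault.
    function collectUnchecked() external {
        uint256 amount = token.balanceOf(address(this));
        token.transfer(collector, amount);
        emit FeeCollected(amount);
    }

    // Return value checked: with the token paused this reverts, so the
    // caller and any off-chain accounting see the failure.
    function collectChecked() external {
        uint256 amount = token.balanceOf(address(this));
        if (!token.transfer(collector, amount)) revert TransferFailed();
        emit FeeCollected(amount);
    }
}
```

The explicit boolean check only covers tokens that return a value; OpenZeppelin's `safeTransfer` also accepts tokens whose `transfer` returns no data. For a token whose `transfer` reverts on failure, both functions behave the same.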
