Submission Details
Impact:
Likelihood:
[L-1] Out-of-bounds index check missing in `ContestManager::fundContest` results in transaction revert
[L-1] Out-of-bounds index check missing in `ContestManager::fundContest` results in transaction revert
Description
-
The `fundContest` function gets the address of the contest to fund from an array using an index passed as parameter.
-
However, there is no "out-of-bounds" check, which can lead to transactions reverting.
function fundContest(uint256 index) public onlyOwner {
@> Pot pot = Pot(contests[index]);
IERC20 token = pot.getToken();
uint256 totalRewards = contestToTotalRewards[address(pot)];
if (token.balanceOf(msg.sender) < totalRewards) {
revert ContestManager__InsufficientFunds();
}
token.transferFrom(msg.sender, address(pot), totalRewards);
}
Risk
Likelihood:
When the input index is out of bounds
Impact:
Transaction revert
Recommended Mitigation
Add a require statement at the start of the `fundContest` function.
function fundContest(uint256 index) public onlyOwner {
+ require(index < contests.length, "Contest index out of bounds");
Pot pot = Pot(contests[index]);
IERC20 token = pot.getToken();
uint256 totalRewards = contestToTotalRewards[address(pot)];
if (token.balanceOf(msg.sender) < totalRewards) {
revert ContestManager__InsufficientFunds();
}
token.transferFrom(msg.sender, address(pot), totalRewards);
}
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.