Submission Details
Impact:
Likelihood:
Unchecked return value of i_token.transfer() in closePot for manager cut
Root + Impact
Unchecked return value of i_token.transfer() in closePot for manager cut
Description
The
transfercall sending the manager's cut inclosePotdoes not check its return value. A failed transfer silently skips the manager's payout while continuing to distribute to claimants, with no indication of failure.
// Root cause in the codebase with @> marks to highlight the relevant section
function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
@> i_token.transfer(msg.sender, managerCut); //audit-low we are not checking the transaction return false or true
uint256 claimantCut = (remainingRewards - managerCut) / i_players.length; // audit-high logic issue with division lead to stuck funds in contract forever
for (uint256 i = 0; i < claimants.length; i++) { //audit-gas better store calimants length in a variable and loop through it
_transferReward(claimants[i], claimantCut);
}
}
}
Risk
Likelihood:
-
Occurs with non-standard ERC20 tokens that return
falseon failure -
Less critical than M-1/M-2 as the owner controls token choice, but still a real risk
Impact:
-
Impact 1
-
Impact 2
Proof of Concept
Recommended Mitigation
- remove this code
-i_token.transfer(msg.sender, managerCut);
+i_token.safeTransfer(msg.sender, managerCut);
+ add this code
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.