Submission Details
Impact:
Likelihood:
Unchecked transfer in Pot::closePot and Pot::_transferReward causing silent failure and users not receiving tokens
Unchecked transfer in Pot::closePot and Pot::_transferReward causing silent failure and users not receiving tokens as promised affecting trust.
Description
Missing checks for success when transferring tokens out of the contract in Pot::closePotand Pot::_transferReward. This opens the contract for possible case where transaction do not revert in case of failure and return false. In the case of the protocol, users might not receive their tokens as promised.
Risk
Likelihood:
It occurs when a transfer failed due to either blacklisted or the Pot contract does not have enough tokens
Impact:
-
Users not receiving their token
-
Lost of trust
Recommended Mitigation
Add in relevant checks using require to allow revert on failure.
function _transferReward(address player, uint256 reward) internal {
- i_token.transfer(player, reward);
+ bool success = i_token.transfer(player, reward);
+ require(success);
}
//within closePot function
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
- i_token.transfer(msg.sender, managerCut);
+ bool success = i_token.transfer(msg.sender, managerCut);
+ require(success);
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.