MyCut

AI First Flight #8
Beginner Friendly, Foundry
Submission Details
Impact: high
Likelihood: low
Invalid

Double Funding

There is no check whether the contest has been funded before, so the contest can hold more than it should

Description

  • The function responsible for funding the contest should check whether the contest has already been funded, to avoid double funding

  • There is no check of any kind on whether the contest has been funded before, so the admin can fund it again by accident

function fundContest(uint256 index) public onlyOwner {
    Pot pot = Pot(contests[index]);
    IERC20 token = pot.getToken();
    uint256 totalRewards = contestToTotalRewards[address(pot)];
    if (token.balanceOf(msg.sender) < totalRewards) {
        revert ContestManager__InsufficientFunds();
    }
    //@> there is no check !!!!!!
    token.transferFrom(msg.sender, address(pot), totalRewards);
}

Risk

Likelihood:

  • Any time the admin/manager tries to fund a contest, they can run into this problem

Impact:

  • Double funding can cost the protocol money, and the players get more than they should

Proof of Concept

Any time the admin/manager creates a contest and tries to fund it:

1- Create a contest
2- Try to fund it with 1 ETH
3- Try to fund it with any amount, e.g. 2 ETH; this will pass since there is no check
4- The contest now has 3 ETH

Recommended Mitigation

Add a check to the fundContest function to see whether the contest has been funded before

+ if (contestFunded[address(pot)]) {
+ revert ContestManager__AlreadyFunded(); }
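
Review bot: the added check reads contestFunded[address(pot)], but nothing in this hunk ever sets that flag, so as written the revert can never trigger. Set contestFunded[address(pot)] = true; inside fundContest before the token.transferFrom(...) call, and include the declarations the hunk relies on: the contestFunded mapping and the ContestManager__AlreadyFunded error. The hunk also carries no context lines, so say where it goes; it has to come after Pot pot = Pot(contests[index]); because it uses pot.
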
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 4 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
