Players can claim their cut using ClaimCut() function , which calls the another function _transferReward()
The _tranferReward() function ignores the boolean return value of the i_token.transfer() function call. It state-updates a player's reward balance to zero before verifying if the token transfer actually succeeded.
Likelihood:
High. since it's the main function through which players/ contenstants are able to receive their rewards , hence this vulnerability is likely to occur
Impact:
High: It results in a permanent loss of funds/rewards for legitimate users without a path for recovery.
This test sets up the contract without funding it. It then forces a player to claim, verifying the broken state modification.
Run this command in your Foundry project terminal terminal to see the logs:
To fix this vulnerability, use OpenZeppelin's SafeERC20 library. This library wraps standard ERC-20 operations and forces a hard transaction revert if a transfer returns false.
Step-by-Step Fixes:
Import SafeERC20 from the OpenZeppelin library.
Apply using SafeERC20 for IERC20; to the contract.
Replace .transfer() with .safeTransfer().
Implement a Checks-Effects-Interactions pattern (though safeTransfer protects you, keeping the state mutation before external calls is best practice).
The contest is live. Earn rewards by submitting a finding.
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsThe contest is complete and the rewards are being distributed.