Submission Details
Impact:
Likelihood:
Snow.collectFee() Uses .transfer() Not .safeTransfer() for WETH
Root + Impact
Description
Line 103 uses
i_weth.transfer()-- the raw IERC20 method. WhileSafeERC20is imported and activated (using SafeERC20 for IERC20), the.transfer()call resolves to the native IERC20 method, notsafeTransfer(). For tokens that don't return a bool (e.g. USDT), this would revert.
i_weth.transfer(s_collector, collection); // raw transfer, not safeTransfer
Risk
Likelihood:
Works with current mock but breaks with non-standard tokens.
Impact:
Fee collection permanently reverts, locking all accumulated WETH and ETH fees.
Proof of Concept
i_weth.transfer(s_collector, collection); // raw transfer, not safeTransfer
Recommended Mitigation
- i_weth.transfer(s_collector, collection);
+ i_weth.safeTransfer(s_collector, collection);
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.