The Snow contract imports SafeERC20 and declares using SafeERC20 for IERC20 for safe ERC20 interactions. The buySnow() function correctly uses safeTransferFrom() on line 83.
The collectFee() function calls i_weth.transfer() directly (line 103) instead of i_weth.safeTransfer(). The boolean returned by transfer() is never checked. If the WETH implementation returns false on failure rather than reverting, the failed transfer goes unnoticed and the fees are silently lost.
Likelihood:
Standard WETH implementations revert on failure, so this issue is unlikely to manifest with canonical WETH contracts. It becomes a real risk with non-standard ERC20 tokens that return false on failure instead of reverting.
Impact:
If WETH transfer silently fails, the function proceeds to send native ETH. WETH fees accumulate permanently in the contract with no recovery path, while the collector only receives native ETH.
This is a code-review finding confirmed by comparing the SafeERC20 usage across the contract. Line 83 uses safeTransferFrom (correct), while line 103 uses transfer (inconsistent and unsafe).
Replace transfer() with safeTransfer() for consistency and safety.
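The following is an added illustration, not the Snow contract's own code: a minimal fee collector in the vulnerable form (unchecked transfer()) beside the recommended form (safeTransfer()), together with a constructed mock token whose transfer() returns false instead of reverting. Contract names (FeeCollectorUnsafe, FeeCollectorSafe, FalseReturningToken) and the i_weth / i_collector layout are assumptions modelled on the finding; the OpenZeppelin import paths are the standard ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the Snow contract. All names below are assumptions.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed mock of a non-standard ERC20: when `failTransfers` is set,
/// transfer() returns false instead of reverting. Only the functions the
/// collectors call (balanceOf, transfer) are implemented.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    bool public failTransfers;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function setFailTransfers(bool f) external { failTransfers = f; }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (failTransfers || balanceOf[msg.sender] < amount) {
            return false; // non-standard: signals failure without reverting
        }
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Vulnerable pattern: the boolean from transfer() is discarded, so a false
/// return leaves the WETH in the contract while native ETH is still paid out.
contract FeeCollectorUnsafe {
    IERC20 public immutable i_weth;
    address public immutable i_collector;

    constructor(IERC20 weth, address collector) {
        i_weth = weth;
        i_collector = collector;
    }

    receive() external payable {}

    function collectFee() external {
        require(msg.sender == i_collector, "not collector");
        uint256 wethBalance = i_weth.balanceOf(address(this));
        // BUG: return value ignored; WETH silently stays in this contract on false
        i_weth.transfer(i_collector, wethBalance);
        (bool ok, ) = i_collector.call{value: address(this).balance}("");
        require(ok, "eth transfer failed");
    }
}

/// Recommended pattern: safeTransfer() reverts if the token reverts, returns
/// false, or returns no data, so the ETH payout never proceeds past a failed
/// WETH transfer.
contract FeeCollectorSafe {
    using SafeERC20 for IERC20;

    IERC20 public immutable i_weth;
    address public immutable i_collector;

    constructor(IERC20 weth, address collector) {
        i_weth = weth;
        i_collector = collector;
    }

    receive() external payable {}

    function collectFee() external {
        require(msg.sender == i_collector, "not collector");
        uint256 wethBalance = i_weth.balanceOf(address(this));
        // safeTransfer reverts with SafeERC20FailedOperation on a false return
        i_weth.safeTransfer(i_collector, wethBalance);
        (bool ok, ) = i_collector.call{value: address(this).balance}("");
        require(ok, "eth transfer failed");
    }
}
```

To reproduce the finding in a local test, deploy FalseReturningToken, mint some balance to each collector, fund both with ETH, call setFailTransfers(true), then call collectFee() from the collector address: FeeCollectorUnsafe succeeds and pays out only ETH, leaving the token balance stranded, whereas FeeCollectorSafe reverts and keeps both balances recoverable once the token behaves again.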