oot2k - FootiumPrizeDistributor should use SafeERC20 functions #38

sherlock-admin · 2023-05-05T16:03:31Z

oot2k

medium

FootiumPrizeDistributor should use SafeERC20 functions

Summary

The claimERC20Prize() function of FootiumPrizeDistributor uses token.transfer to transfer tokens. This function can silently revert (USDT...) and not transfer any token, while still updating the totalERC20Claimed.
The user will now lose funds.

Vulnerability Detail

The claimERC20Prize() function of FootiumPrizeDistributor uses token.transfer can lead to wrong stored totalERC20Claimed.

Impact

Possible loss of funds for Prize Receiver.

Code Snippet

https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L130

Tool used

Manual Review

Recommendation

We recommend using openzeppelin SafeTransfer functions.

Duplicate of #86

github-actions bot closed this as completed May 10, 2023

github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels May 10, 2023

sherlock-admin added the Reward A payout will be made for this issue label May 22, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

oot2k - FootiumPrizeDistributor should use SafeERC20 functions #38

oot2k - FootiumPrizeDistributor should use SafeERC20 functions #38

sherlock-admin commented May 5, 2023 •

edited by github-actions bot

Loading

oot2k - FootiumPrizeDistributor should use SafeERC20 functions #38

oot2k - FootiumPrizeDistributor should use SafeERC20 functions #38

Comments

sherlock-admin commented May 5, 2023 • edited by github-actions bot Loading

FootiumPrizeDistributor should use SafeERC20 functions

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-admin commented May 5, 2023 •

edited by github-actions bot

Loading