Platform: Code4rena
Start Date: 07/07/2023
Pot Size: $121,650 USDC
Total HM: 36
Participants: 111
Period: 7 days
Judge: Picodes
Total Solo HM: 13
Id: 258
League: ETH
Rank: 41/111
Findings: 1
Award: $341.44
🌟 Selected for report: 0
🚀 Solo Findings: 0
341.4422 USDC - $341.44
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L500
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L832
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L1027
Note: This risk has been included in the Automated Findings. At that time, the findings given by MEDIUM-4 were not comprehensive. I'm of the opinion that the subsequent findings should also be categorized under MEDIUM-4 and they share a similar level of risk.
Without measuring the balance before and after the transfer, there's no way to ensure that enough tokens were transferred, in the cases where the token has a fee-on-transfer mechanic. If there are latent funds in the contract, subsequent transfers will succeed.
Total: 3
prize-pool/src/PrizePool.sol#L500-L832
500: prizeToken.safeTransferFrom(msg.sender, address(this), _amount);
...
832: prizeToken.safeTransfer(_to, _amount);
vault/src/Vault.sol#L1027-L1155
1027: SafeERC20.safeTransfer(IERC20(asset()), _receiver, _assets);
Token-Transfer
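As an added example (not code from PrizePool.sol, Vault.sol or the original submission), the sketch below puts the unmeasured inbound transfer pattern cited above beside a version that credits only the measured balance delta. The contract name `MeasuredDeposit`, its functions and the `accounted` variable are hypothetical, and the OpenZeppelin import paths are assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical contract for illustration only; not PrizePool or Vault code.
contract MeasuredDeposit {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    uint256 public accounted; // amount the contract believes it holds for depositors

    error NothingReceived();

    constructor(IERC20 _token) {
        token = _token;
    }

    // Pattern flagged in the finding: the requested amount is credited even
    // when a fee-on-transfer token delivers less than _amount.
    function depositUnchecked(uint256 _amount) external {
        token.safeTransferFrom(msg.sender, address(this), _amount);
        accounted += _amount;
    }

    // Measured variant: credit only what actually arrived.
    function depositMeasured(uint256 _amount) external returns (uint256 received) {
        uint256 balanceBefore = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), _amount);
        received = token.balanceOf(address(this)) - balanceBefore;
        if (received == 0) revert NothingReceived();
        accounted += received;
    }

    // False once depositUnchecked has over-credited a fee-taking token.
    // Latent funds in the contract can keep this true for a while, which is
    // why the shortfall does not surface on the first outbound transfer.
    function isFullyBacked() external view returns (bool) {
        return token.balanceOf(address(this)) >= accounted;
    }
}
```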
#0 - c4-judge
2023-07-16T22:31:26Z
Picodes marked the issue as duplicate of #470
#1 - c4-judge
2023-08-07T15:12:09Z
Picodes marked the issue as satisfactory
#2 - c4-judge
2023-08-08T10:10:59Z
Picodes marked the issue as unsatisfactory: Out of scope
#3 - c4-judge
2023-08-12T16:00:32Z
Picodes marked the issue as satisfactory