code-423n4 / 2022-01-trader-joe-findings


ERC20 transfer might fail #320

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

hack3r-0m

Vulnerability details

https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/LaunchEvent.sol#L4905

While withdrawing incentives, the contract does not check whether the ERC20 transfer was successful. If, due to a minor rounding error (at the 17th/18th decimal place, which is possible), the contract does not have enough tokens to make the transfer, false is returned, which is ignored.

So the user is marked as claimed; however, the transfer has failed.

Manual Review

Recommended Mitigation Steps

Use SafeTransfer or TransferHelper
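The pattern reported above next to a checked variant, as an added example that is not part of the original report and is not the LaunchEvent code. The contract `IncentiveVault`, its storage layout, and the `setOwed` helper are hypothetical; the inline `_safeTransfer` stands in for the SafeTransfer/TransferHelper libraries the report recommends.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration only; names and layout are assumptions.
contract IncentiveVault {
    IERC20 public immutable token;            // incentive token (assumed)
    mapping(address => uint256) public owed;  // incentive owed per user
    mapping(address => bool) public claimed;  // one-time claim flag

    constructor(IERC20 _token) {
        token = _token;
    }

    // Test helper standing in for whatever accounting computes the entitlement.
    function setOwed(address user, uint256 amount) external {
        owed[user] = amount;
    }

    // Unchecked pattern: the bool returned by transfer() is dropped, so a token
    // that returns false instead of reverting leaves the user marked as claimed
    // with nothing received.
    function claimUnchecked() external {
        require(!claimed[msg.sender], "already claimed");
        claimed[msg.sender] = true;
        token.transfer(msg.sender, owed[msg.sender]); // return value ignored
    }

    // Checked pattern: a failed transfer reverts the whole call, which also
    // rolls back the claimed flag, so the user can claim again later.
    function claimChecked() external {
        require(!claimed[msg.sender], "already claimed");
        claimed[msg.sender] = true;
        _safeTransfer(msg.sender, owed[msg.sender]);
    }

    // Accepts tokens that return true and tokens that return no data at all;
    // rejects a revert or an explicit false.
    function _safeTransfer(address to, uint256 amount) private {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }
}
```

The inline helper does not verify that the token address contains code; a production wrapper should add that check, since a low-level call to an address without code succeeds with empty return data.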

cryptofish7 commented 2 years ago

Duplicate of #12