Closed sherlock-admin2 closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { no explanation on how that might happen; poorly written report}
Invalid, user input error not valid based on sherlock rules, given this will cause unnecessary donation of tokens to the distributor contract. Also transactions can always be challenged.
iberry
high
input array == 0 will cause to bypass batchTelcoin 's safeTransfer logic
Summary
there's a potential issue with the single-step token transfer clause that might result in token loss.
Vulnerability Detail
In batchTelcoin function when input destinations.length == 0, this will bypass TELCOIN.safeTransfer,clause logic error.
Impact
medium,may be cause token loss
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L185-L203
Tool used
Manual Review
Recommendation
require(destinations.length >0)