From 3a19731ee637ff2423fca9ffa9dcbd82b5ad90b9 Mon Sep 17 00:00:00 2001
From: Andres Martin Aiello <50411235+andresaiello@users.noreply.github.com>
Date: Tue, 14 Nov 2023 13:43:45 -0300
Subject: [PATCH] implement immunefi improvements (#131)

* implement immunefi improvements

* add codeowners
---
 .github/CODEOWNERS                                  |  1 +
 .../contracts/disperse/Disperse.sol                 | 13 +++++++++++--
 .../liquidity-incentives/RewardDistributor.sol      |  1 +
 3 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 .github/CODEOWNERS

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..3ec79e40
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+*     @andresaiello @fadeev @lucas-janon
diff --git a/packages/zevm-app-contracts/contracts/disperse/Disperse.sol b/packages/zevm-app-contracts/contracts/disperse/Disperse.sol
index 9adc5cec..c3afe2ae 100644
--- a/packages/zevm-app-contracts/contracts/disperse/Disperse.sol
+++ b/packages/zevm-app-contracts/contracts/disperse/Disperse.sol
@@ -5,9 +5,18 @@ import "@openzeppelin/contracts/interfaces/IERC20.sol";
 
 contract Disperse {
     function disperseEther(address[] calldata recipients, uint256[] calldata values) external payable {
-        for (uint256 i = 0; i < recipients.length; i++) payable(recipients[i]).transfer(values[i]);
+        require(recipients.length == values.length, "Recipients and values length mismatch");
+
+        for (uint256 i = 0; i < recipients.length; i++) {
+            (bool sent, ) = payable(recipients[i]).call{value: values[i]}("");
+            require(sent, "Failed to send Ether");
+        }
+
         uint256 balance = address(this).balance;
-        if (balance > 0) payable(msg.sender).transfer(balance);
+        if (balance > 0) {
+            (bool sent, ) = payable(msg.sender).call{value: balance}("");
+            require(sent, "Failed to refund remaining Ether");
+        }
     }
 
     function disperseToken(IERC20 token, address[] calldata recipients, uint256[] calldata values) external {
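Review bot: In `disperseEther` the refund is still taken from `address(this).balance` after the payout loop, and the new `call{value: ...}` forwards all remaining gas where `transfer` forwarded only the 2300-gas stipend. A recipient contract can therefore re-enter `disperseEther` while the outer call is in progress, and the inner call's refund branch would pay the contract's remaining balance to that recipient rather than to the original sender. Nothing compares `msg.value` with the sum of `values` either, so an underfunded call only fails part-way through the loop. I would sum `values` up front, require that `msg.value` covers it, and refund `msg.value - total`; a reentrancy guard on the function would be a reasonable addition. The pragma is outside the hunk, so whether the summation is overflow-checked depends on the compiler version and should be confirmed.

```solidity
function disperseEther(address[] calldata recipients, uint256[] calldata values) external payable {
    // … unchanged: length check …

    uint256 total = 0;
    for (uint256 i = 0; i < values.length; i++) total += values[i];
    require(msg.value >= total, "Insufficient Ether sent");

    // … unchanged: payout loop …

    // Refund only what this caller overpaid, never the contract's whole balance.
    uint256 refund = msg.value - total;
    if (refund > 0) {
        (bool sent, ) = payable(msg.sender).call{value: refund}("");
        require(sent, "Failed to refund remaining Ether");
    }
}
```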
diff --git a/packages/zevm-app-contracts/contracts/liquidity-incentives/RewardDistributor.sol b/packages/zevm-app-contracts/contracts/liquidity-incentives/RewardDistributor.sol
index 5b2f6693..4c30b8a1 100644
--- a/packages/zevm-app-contracts/contracts/liquidity-incentives/RewardDistributor.sol
+++ b/packages/zevm-app-contracts/contracts/liquidity-incentives/RewardDistributor.sol
@@ -44,6 +44,7 @@ contract RewardDistributor is StakingRewards {
 
     function _addLiquidity(uint256 tokenAmountA, uint256 tokenAmountB) internal returns (uint256) {
         stakingTokenA.transferFrom(msg.sender, address(this), tokenAmountA);
+        stakingTokenA.approve(systemContract.uniswapv2Router02Address(), 0);
         stakingTokenA.approve(systemContract.uniswapv2Router02Address(), tokenAmountA);
 
         stakingTokenB.transferFrom(msg.sender, address(this), tokenAmountB);
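Review bot: The allowance reset in `_addLiquidity` is added for `stakingTokenA` only. The diffstat shows a single inserted line in this file, so if `stakingTokenB` is approved for the router in the lines after this hunk (the function body continues outside it), that approval does not get the same reset. The return values of `transferFrom` and `approve` are also ignored here, so a token that returns `false` instead of reverting would fail silently. Tokens that need the reset often return no value at all, so calling them through the `IERC20` interface may revert when the return data is decoded. If the project's OpenZeppelin version provides it, `SafeERC20` (`safeTransferFrom`, `forceApprove`) would cover both cases. Otherwise I would at least add a comment on the reset line such as `// reset first: some tokens reject changing a non-zero allowance`.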