TrungOre - Bounty doesn't work as expected with token revert transferring with amount = 0

[github-actions]

TrungOre

medium

Bounty doesn't work as expected with token revert transferring with amount = 0

Summary

There are some type of ERC20 which revert the transferring when amount = 0

Vulnerability Detail

TieredPercentageBountyV1 is a contest which pays a percentage amount to multiple developers one time based on each claimants' tier, e.g. in a hackathon with 1st, 2nd and 3rd place.
When a winner claim their rewards, for each token the bounty will calculate the amount of tokens corresponding to the percentage of the tier can gain by formula:

uint256 claimedBalance = (payoutSchedule[_tier] * fundingTotals[_tokenAddress]) / 100;

This claimedBalance can be equal to 0 when payoutSchedule[_tier] * fundingTotals[_tokenAddress] < 100. This will make the function TieredPercentageBountyV1.claimTiered() revert in case the _tokenAddress is a weird ERC20 which revert when transferring 0 amount. Then it will incur the failure of function ClaimManagerV1._claimTieredPercentageBounty() when a winner are trying to claim their rewards.
Note that this issue appear in AtomicBounty and TieredFixedBounty when the balance of payoutAddress is equal to 0 due to the refunding.

Impact

User can't claim the rewards

Code Snippet

https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L221-L228

Tool used

Manual review

Recommendation

Check the amount > 0 before transferring

Duplicate of #267