protocolFeeRecipient might take unclaimed reward token after quest ends.

Code4rena, 2023-01-RABBITHOLE findings, issue 674
Published: Jan 30, 2023 - 12:00 a.m.
Source: github.com
Tags: vulnerability, protocolfeerecipient, unclaimed reward tokens, code, withdrawal, mitigation, onlyadminwithdrawafterend

Lines of code

Vulnerability details

Impact

Since there is no check of whether the fee has already been withdrawn, withdrawFee() can be called multiple times.
This allows protocolFeeRecipient to drain all of the unclaimed reward tokens after the quest has ended.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Sublime Text

Recommended Mitigation Steps

Add a check so that the fee can be withdrawn only once, as shown below.

bool public withdrawal = false;

function withdrawFee() public onlyAdminWithdrawAfterEnd {
    require(withdrawal == false, "already took withdraw fee");
    withdrawal = true;
    IERC20(rewardToken).safeTransfer(protocolFeeRecipient, protocolFee());
}
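To make the difference between the two versions concrete, the following Python model is an added example written for this page; it is not code from the RabbitHole contracts or from the Code4rena report. It models the Quest contract's token balance, an assumed protocolFee() formula (redeemed receipts times the per-receipt reward times a fee rate in basis points; the real formula may differ), and two variants of withdrawFee(): the unguarded one the finding describes, and the guarded one from the mitigation above. Calling the unguarded variant repeatedly moves the whole remaining balance, including unclaimed rewards, to the fee recipient, while the guarded variant pays the fee exactly once and reverts afterwards.

```python
"""Toy model of Quest fee withdrawal (constructed example, not the project's code)."""
from dataclasses import dataclass


class Revert(Exception):
    """Stands in for a Solidity revert / failed require()."""


@dataclass
class Quest:
    reward_token_balance: int       # reward tokens held by the Quest contract
    reward_amount: int              # reward paid per redeemed receipt
    quest_fee_bps: int              # protocol fee in basis points (assumed layout)
    receipt_redeemers: int          # receipts redeemed so far
    has_ended: bool = False
    withdrawal: bool = False        # the mitigation's one-shot flag
    fee_recipient_balance: int = 0  # tokens received by protocolFeeRecipient

    def protocol_fee(self) -> int:
        # Assumed fee formula for the model, not taken from the page.
        return self.receipt_redeemers * self.reward_amount * self.quest_fee_bps // 10_000

    def _only_admin_withdraw_after_end(self) -> None:
        # Models the onlyAdminWithdrawAfterEnd modifier's time check.
        if not self.has_ended:
            raise Revert("quest has not ended")

    def _transfer_fee(self) -> int:
        # Models IERC20.safeTransfer(protocolFeeRecipient, protocolFee()).
        fee = self.protocol_fee()
        if fee > self.reward_token_balance:
            raise Revert("ERC20: transfer amount exceeds balance")
        self.reward_token_balance -= fee
        self.fee_recipient_balance += fee
        return fee

    def withdraw_fee_unguarded(self) -> int:
        """withdrawFee() as described in the finding: no replay check."""
        self._only_admin_withdraw_after_end()
        return self._transfer_fee()

    def withdraw_fee_guarded(self) -> int:
        """withdrawFee() with the recommended one-time check."""
        self._only_admin_withdraw_after_end()
        if self.withdrawal:
            raise Revert("already took withdraw fee")
        self.withdrawal = True
        return self._transfer_fee()


def drain_attempts(quest: Quest, guarded: bool, calls: int) -> tuple[int, int]:
    """Call withdrawFee `calls` times; return (successful calls, recipient balance)."""
    ok = 0
    for _ in range(calls):
        try:
            (quest.withdraw_fee_guarded if guarded else quest.withdraw_fee_unguarded)()
            ok += 1
        except Revert:
            pass
    return ok, quest.fee_recipient_balance


def make_quest() -> Quest:
    # Constructed scenario: 100 receipts redeemed, 10 tokens each, 2% fee,
    # and 1,000 tokens still in the contract covering unclaimed rewards.
    q = Quest(reward_token_balance=1_000, reward_amount=10,
              quest_fee_bps=200, receipt_redeemers=100)
    q.has_ended = True
    return q


if __name__ == "__main__":
    print("fee per call:", make_quest().protocol_fee())
    print("unguarded, 60 calls:", drain_attempts(make_quest(), guarded=False, calls=60))
    print("guarded,   60 calls:", drain_attempts(make_quest(), guarded=True, calls=60))
```

With the constructed numbers the fee is 20 tokens per call; the unguarded variant succeeds 50 times and leaves the recipient holding all 1,000 tokens, whereas the guarded variant succeeds once and every later call reverts. The flag is set before the transfer, so the guard also holds if the token's transfer hook were to re-enter withdrawFee().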
