Since there is no code to check whether the fee has already been withdrawn, withdrawFee() can be called multiple times.
This allows protocolFeeRecipient to steal all of the unclaimed reward tokens after the quest has ended.
Sublime Text
Add a check so that the fee can be withdrawn only once, as shown below.
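// Set to true once the protocol fee has been paid out.
bool public withdrawal = false;
function withdrawFee() public onlyAdminWithdrawAfterEnd {
    // Reject every call after the first one.
    require(withdrawal == false, "already took withdraw fee");
    // Flip the flag before the external token transfer.
    withdrawal = true;
    IERC20(rewardToken).safeTransfer(protocolFeeRecipient, protocolFee());
}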
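A regression test for the guard above, as an added example that is not part of the original report or the project's code. It assumes Foundry (forge-std); `QuestModel`, its mapping-based balances and the amounts are constructed stand-ins, and the `onlyAdminWithdrawAfterEnd` modifier is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

import "forge-std/Test.sol";

// Constructed stand-in for the quest contract (hypothetical): balances live in
// a plain mapping instead of a real ERC-20, and access control is omitted.
contract QuestModel {
    mapping(address => uint256) public balanceOf;
    address public immutable protocolFeeRecipient;
    uint256 public immutable fee;
    bool public withdrawal;

    constructor(address recipient, uint256 rewards, uint256 fee_) {
        protocolFeeRecipient = recipient;
        fee = fee_;
        // The contract is funded with the reward pool plus one fee.
        balanceOf[address(this)] = rewards + fee_;
    }

    function withdrawFee() public {
        require(withdrawal == false, "already took withdraw fee");
        withdrawal = true;
        balanceOf[address(this)] -= fee;
        balanceOf[protocolFeeRecipient] += fee;
    }
}

contract WithdrawFeeOnceTest is Test {
    address recipient = address(0xFEE); // constructed address
    QuestModel quest;

    function setUp() public {
        quest = new QuestModel(recipient, 1_000 ether, 20 ether);
    }

    function test_secondWithdrawFeeReverts() public {
        // First call pays the fee exactly once.
        quest.withdrawFee();
        assertEq(quest.balanceOf(recipient), 20 ether);

        // Second call must revert with the guard's message.
        vm.expectRevert(bytes("already took withdraw fee"));
        quest.withdrawFee();

        // Unclaimed rewards are still held by the contract.
        assertEq(quest.balanceOf(address(quest)), 1_000 ether);
        assertEq(quest.balanceOf(recipient), 20 ether);
    }
}
```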