Calling Erc1155Quest.withdrawRemainingTokens function for an ERC1155 quest can possibly withdraw rewards that are associated with minted RabbitHole receipts #443
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-528
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/rabbitholegg/quest-protocol/blob/main/contracts/Erc1155Quest.sol#L54-L63
Vulnerability details
Impact
The Erc20Quest.withdrawRemainingTokens function prevents the Erc20Quest contract's owner from withdrawing the unclaimed reward token amounts that are associated with the minted RabbitHole receipts after the quest is ended. However, this is not the case for the following Erc1155Quest.withdrawRemainingTokens function. After the ERC1155 quest is ended, if the rewards for some minted RabbitHole receipts have not been withdrawn yet, a call to the Erc1155Quest.withdrawRemainingTokens function by the Erc1155Quest contract's owner can transfer these unclaimed reward token amounts to the specified to_ address, even if the owner has no malicious intent. Afterwards, regaining these deserved reward token amounts can be troublesome for the affected RabbitHole receipt holders, especially those who need to use their reward tokens in a timely manner.
https://github.com/rabbitholegg/quest-protocol/blob/main/contracts/Erc1155Quest.sol#L54-L63
Proof of Concept
Please append the following test in the withdrawRemainingTokens() describe block in quest-protocol\test\Erc1155Quest.spec.ts. This test will pass to demonstrate the described scenario.
Tools Used
VSCode
Recommended Mitigation Steps
The Erc1155Quest.withdrawRemainingTokens function can be updated to not allow any withdrawals of the unclaimed reward token amounts that are associated with the minted RabbitHole receipts so it becomes consistent with the Erc20Quest.withdrawRemainingTokens function.
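The accounting difference between the reported behaviour and the recommended mitigation, as an added TypeScript model that is not the project's Solidity or its test suite. All names (QuestModel, withdrawAll, withdrawSurplus, scenario) are hypothetical, and the model assumes one reward token per minted receipt and a withdrawal that moves the quest's whole balance.

```typescript
// Simplified accounting model of an ERC1155 quest. Hypothetical names and
// constructed numbers; assumes one reward token is owed per minted receipt.
class QuestModel {
  balance: number;   // reward tokens held by the quest contract
  minted = 0;        // receipts minted to participants
  claimed = 0;       // receipts whose reward was already claimed
  ended = false;

  constructor(funded: number) { this.balance = funded; }

  mintReceipt(): void {
    if (this.ended) throw new Error("quest ended");
    this.minted += 1;
  }

  claim(): void {
    if (this.claimed >= this.minted) throw new Error("no unclaimed receipt");
    if (this.balance < 1) throw new Error("insufficient reward balance");
    this.balance -= 1;
    this.claimed += 1;
  }

  unclaimed(): number { return this.minted - this.claimed; }

  // Reported behaviour: the owner withdrawal also moves rewards owed to receipts.
  withdrawAll(): number {
    if (!this.ended) throw new Error("quest not ended");
    const out = this.balance;
    this.balance = 0;
    return out;
  }

  // Mitigation: keep back one reward per unclaimed receipt, release only the surplus.
  withdrawSurplus(): number {
    if (!this.ended) throw new Error("quest not ended");
    const out = Math.max(this.balance - this.unclaimed(), 0);
    this.balance -= out;
    return out;
  }
}

// Constructed scenario: 10 rewards funded, 3 receipts minted, 1 claimed before the end.
function scenario(reserve: boolean): { withdrawn: number; claimOk: boolean } {
  const q = new QuestModel(10);
  q.mintReceipt(); q.mintReceipt(); q.mintReceipt();
  q.claim();
  q.ended = true;
  const withdrawn = reserve ? q.withdrawSurplus() : q.withdrawAll();
  let claimOk = true;
  try { q.claim(); } catch { claimOk = false; }
  return { withdrawn, claimOk };
}
```

The invariant to test for after any owner withdrawal is that the remaining balance is at least the number of unclaimed receipts.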