The owner can withdraw the unclaimed Erc1155 tokens #574
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-528
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
2 (Med Risk)
|
kirk-baird marked the issue as duplicate of #42 |
c4-judge
added
duplicate-42
downgraded by judge
|
kirk-baird changed the severity to QA (Quality Assurance) |
|
This previously downgraded issue has been upgraded by kirk-baird |
c4-judge
added
3 (High Risk)
c4-judge
added
the
satisfactory
|
kirk-baird marked the issue as satisfactory |
c4-judge
added
2 (Med Risk)
|
kirk-baird changed the severity to 2 (Med Risk) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Erc1155Quest.sol#L54-L63
Vulnerability details
Impact
In the
Erc20Questcontract, thewithdrawRemainingTokensfunction allows the owner to withdraw the remaining tokens after the end of the quest, the transferred amount is the balance of the contract minus the unclaimed tokens. However, theErc1155Questcontract mismatches this logic, thewithdrawRemainingTokensfunction transfers all the contract balance of the token id stored inrewardAmountInWeiOrTokenId. This represents a significant risk on the users' unclaimedErc1155tokens after the end of the quest.Proof of Concept
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Erc1155Quest.sol#L54-L63
Tools Used
Manual Code Review
Recommended Mitigation Steps
It is recommended to adjust the
withdrawRemainingTokensfunction to prevent the owner from withdrawing the users' unclaimed ERC1155 tokens.The text was updated successfully, but these errors were encountered: