The owner can withdraw the unclaimed Erc1155 tokens #574
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-528
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Erc1155Quest.sol#L54-L63
Vulnerability details
Impact
In the Erc20Quest contract, the withdrawRemainingTokens function allows the owner to withdraw the remaining tokens after the end of the quest; the transferred amount is the contract balance minus the unclaimed tokens. The Erc1155Quest contract does not follow this logic: its withdrawRemainingTokens function transfers the contract's entire balance of the token id stored in rewardAmountInWeiOrTokenId, with no deduction for unclaimed tokens. This puts users' unclaimed Erc1155 tokens at significant risk after the end of the quest.
Proof of Concept
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Erc1155Quest.sol#L54-L63
Tools Used
Manual Code Review
Recommended Mitigation Steps
It is recommended to adjust the withdrawRemainingTokens function to prevent the owner from withdrawing the users' unclaimed ERC1155 tokens.
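The following illustrative contract, added here and not taken from the quest-protocol repository, places the withdrawal pattern described in the issue next to a version that mirrors the ERC-20 variant's accounting. The state variables totalParticipants and redeemedTokens, the modifiers, and the one-unit-per-participant reward model are assumptions made for the example; only rewardAmountInWeiOrTokenId is a name taken from the issue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Standard ERC-1155 function signatures needed below (subset of the interface).
interface IERC1155Minimal {
    function balanceOf(address account, uint256 id) external view returns (uint256);
    function safeTransferFrom(address from, address to, uint256 id, uint256 amount, bytes calldata data) external;
}

/// Illustrative quest contract (example code, NOT the project's own).
/// Assumed model: one reward token id per quest, one unit of that id per participant.
contract IllustrativeErc1155Quest {
    address public owner;
    IERC1155Minimal public rewardToken;
    uint256 public rewardAmountInWeiOrTokenId; // token id of the reward (name taken from the issue)
    uint256 public endTime;
    uint256 public totalParticipants; // assumed: receipts eligible to claim one unit each
    uint256 public redeemedTokens;    // assumed: receipts already claimed

    constructor(address rewardToken_, uint256 tokenId_, uint256 endTime_, uint256 totalParticipants_) {
        owner = msg.sender;
        rewardToken = IERC1155Minimal(rewardToken_);
        rewardAmountInWeiOrTokenId = tokenId_;
        endTime = endTime_;
        totalParticipants = totalParticipants_;
    }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier onlyAfterQuestEnd() { require(block.timestamp > endTime, "quest not ended"); _; }

    /// Receiver hook so the contract can hold ERC-1155 tokens sent via safeTransferFrom/mint.
    function onERC1155Received(address, address, uint256, uint256, bytes calldata) external pure returns (bytes4) {
        return this.onERC1155Received.selector;
    }

    /// Units still owed to participants who have not claimed yet.
    function unclaimedTokens() public view returns (uint256) {
        return totalParticipants - redeemedTokens;
    }

    /// Pattern the issue describes: the whole balance of the token id leaves the
    /// contract, including units that unclaimed participants are still owed.
    function withdrawRemainingTokensUnsafe(address to_) external onlyOwner onlyAfterQuestEnd {
        uint256 balance = rewardToken.balanceOf(address(this), rewardAmountInWeiOrTokenId);
        rewardToken.safeTransferFrom(address(this), to_, rewardAmountInWeiOrTokenId, balance, "");
    }

    /// Hardened pattern mirroring the ERC-20 variant: only the surplus above what
    /// is still claimable can be withdrawn, so the unclaimed reserve is protected.
    function withdrawRemainingTokens(address to_) external onlyOwner onlyAfterQuestEnd {
        uint256 balance = rewardToken.balanceOf(address(this), rewardAmountInWeiOrTokenId);
        uint256 reserved = unclaimedTokens();
        require(balance >= reserved, "balance below unclaimed reserve"); // invariant check
        uint256 withdrawable = balance - reserved;
        if (withdrawable > 0) {
            rewardToken.safeTransferFrom(address(this), to_, rewardAmountInWeiOrTokenId, withdrawable, "");
        }
    }
}
```

Because the contract itself is the `from` address in safeTransferFrom, no approval is needed for the withdrawal; the only thing separating the two functions is whether the unclaimed reserve is subtracted before the transfer amount is computed. A unit test for the hardened version would fund the contract with totalParticipants units, redeem some, call withdrawRemainingTokens after endTime, and assert that the balance left in the contract equals unclaimedTokens().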