This repository has been archived by the owner on Jan 26, 2023. It is now read-only.
When a bounty is denominated in ether, the only validation on the amount field when a bounty is created is

```solidity
require(_amount >= msg.value);
```
smart_contracts/contracts/bounty/BountyIndex.sol
Line 75 in 9100e1c
An attacker could post a bounty where `_amount` is greater than `msg.value`, but lower than the balance of the contract, then claim/approve said bounty for themselves. This would effectively steal the difference between `_amount` and `msg.value`.
Suggested fix:
When a bounty is denominated in ether, set the amount for that bounty equal to `msg.value`.
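
The suggested fix, sketched as an added example that is not part of the issue or the repository's code. The contract, struct and function names are hypothetical and Solidity 0.8 syntax is assumed; only `_amount`, `msg.value` and the quoted `require` come from the issue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; names below are hypothetical, not taken from BountyIndex.sol.
contract EtherBountyExample {
    struct Bounty {
        address issuer;
        uint256 amount; // wei owed to the approved claimant
        bool paid;
    }

    Bounty[] public bounties;

    // "Before": the check quoted in the issue. The recorded amount may exceed
    // the ether actually deposited with the call.
    function createBountyUnchecked(uint256 _amount) external payable returns (uint256) {
        require(_amount >= msg.value);
        return _store(_amount);
    }

    // "After": the suggested fix. For ether bounties the caller no longer
    // supplies an amount; the contract records exactly what was deposited.
    function createBounty() external payable returns (uint256) {
        return _store(msg.value);
    }

    function _store(uint256 amount) private returns (uint256 id) {
        bounties.push(Bounty(msg.sender, amount, false));
        id = bounties.length - 1;
    }

    // Payout is drawn from the shared contract balance, which holds every
    // issuer's deposit, so each recorded amount must be backed by its own deposit.
    function approve(uint256 id, address payable claimant) external {
        Bounty storage b = bounties[id];
        require(msg.sender == b.issuer, "not issuer");
        require(!b.paid, "already paid");
        b.paid = true; // state change before the external call
        (bool ok, ) = claimant.call{value: b.amount}("");
        require(ok, "transfer failed");
    }
}
```

With `createBounty`, the sum of unpaid `amount` values can never exceed the ether the contract has received for bounties, which is the invariant the original check fails to enforce.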