code-423n4 / 2021-09-defiprotocol-findings

1 stars 0 forks source link

withdrawBounty the same bounty multiple times #201

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

The same bounty can be claimed multiple times as it remains active. 'bounty' points to the memory variable, so its state is not persisted: Bounty memory bounty = _bounties[bountyIds[i]]; require(bounty.active); IERC20(bounty.token).transfer(msg.sender, bounty.amount); bounty.active = false;

Recommended Mitigation Steps

A simple solution would be to use a storage pointer instead: Bounty storage bounty = _bounties[bountyIds[i]];

frank-beard commented 2 years ago

duplicate of https://github.com/code-423n4/2021-09-defiprotocol-findings/issues/168

GalloDaSballo commented 2 years ago

Duplicate of #168

GalloDaSballo commented 2 years ago

I ended up downgrading this finding as well as marking as duplicate because the warden didn't specify any attack vector via the vulnerability.