code-423n4 / 2021-09-defiprotocol-findings


Inconvenient to find bounty ids #202

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

In function settleAuction user needs to decide what bounties he/she wants to claim:

    function settleAuction(
        uint256[] memory bountyIDs
    ...
    withdrawBounty(bountyIDs);

but bounties are stored in a private variable:

    Bounty[] private _bounties;

and there are no getter (view) functions to view bounties so I think that makes it very inconvenient for the end-user to find the appropriate ids that are relevant, especially considering there could be SPAM bounties as anyone can call addBounty.

Recommended Mitigation Steps

Consider exposing public view functions to view bounties.

GalloDaSballo commented 2 years ago

Agree with finding, it would be best to make it convenient to retrieve the bounties
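A sketch of the recommended view functions, as an added example that is not the project's code or part of either comment. The `Bounty` fields, the simplified `addBounty` body, and the names `bountyCount`, `getBounty` and `getActiveBounties` are assumptions; only `_bounties` and `addBounty` are named in the finding. Pagination keeps the read bounded even if the array is full of spam entries.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract BountyViewExample {
    struct Bounty {
        address token;  // assumed field
        uint256 amount; // assumed field
        bool active;    // assumed field: cleared once the bounty is claimed
    }

    Bounty[] private _bounties;

    // Simplified stand-in (no token transfer): anyone can append a bounty.
    function addBounty(address token, uint256 amount) external returns (uint256 id) {
        _bounties.push(Bounty(token, amount, true));
        return _bounties.length - 1;
    }

    // Ids are array indices, so the count gives the valid id range.
    function bountyCount() external view returns (uint256) {
        return _bounties.length;
    }

    // Single lookup; reverts on an out-of-range id.
    function getBounty(uint256 id) external view returns (Bounty memory) {
        require(id < _bounties.length, "bounty id out of range");
        return _bounties[id];
    }

    // Scans ids in [offset, offset + limit) and returns only the active ones,
    // paired with their ids so they can be passed to settleAuction.
    function getActiveBounties(uint256 offset, uint256 limit)
        external
        view
        returns (uint256[] memory ids, Bounty[] memory found)
    {
        uint256 end = offset + limit;
        if (end > _bounties.length) end = _bounties.length;
        if (offset >= end) return (new uint256[](0), new Bounty[](0));

        uint256 n; // first pass: count matches to size the return arrays
        for (uint256 i = offset; i < end; i++) if (_bounties[i].active) n++;

        ids = new uint256[](n);
        found = new Bounty[](n);
        uint256 j; // second pass: fill
        for (uint256 i = offset; i < end; i++) {
            if (_bounties[i].active) { ids[j] = i; found[j] = _bounties[i]; j++; }
        }
    }
}
```

A caller still has to judge which returned bounties are worth claiming, since the token address and amount are set by whoever called `addBounty`.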