Lines of code
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Erc20Quest.sol#L81-L87
Vulnerability details
Impact
mintReceipt can still mint a receipt after endTime. If the owner then executes withdrawRemainingTokens, receipts that were minted after endTime can no longer be claimed.
Proof of Concept
withdrawRemainingTokens withdraws all of the funds in the Quest except the unredeemedToken amount. unredeemedToken does not account for receipts that have not yet been minted, so any receipt minted after withdrawRemainingTokens has run is unclaimable.
Tools Used
Sublime Text
Recommended Mitigation Steps
Prevent receipts from being minted after endTime or after withdrawRemainingTokens has been called.
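The following is an added sketch of the recommended mitigation, not code from the quest-protocol repository: minting is refused once the quest has ended or the remaining funds have been swept, and the sweep only releases funds not reserved for receipts that already exist. Contract and variable names (QuestSketch, receiptsMinted, remainingWithdrawn) are assumed, and native ETH stands in for the ERC20 reward to keep the sketch short.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed sketch, not the quest-protocol code: a minimal quest that
// reserves funds for receipts already minted and refuses to mint once the
// quest has ended or the remaining funds have been withdrawn.
contract QuestSketch {
    address public owner;
    uint256 public immutable endTime;
    uint256 public immutable rewardPerReceipt;
    uint256 public receiptsMinted;     // receipts that exist (claimed or not)
    uint256 public receiptsRedeemed;   // receipts already paid out
    bool public remainingWithdrawn;    // set once withdrawRemainingTokens runs
    mapping(address => bool) public hasReceipt;
    mapping(address => bool) public hasClaimed;

    constructor(uint256 endTime_, uint256 rewardPerReceipt_) payable {
        owner = msg.sender;
        endTime = endTime_;
        rewardPerReceipt = rewardPerReceipt_;
    }

    // Mitigation: minting is only possible while the quest is live and
    // before the owner has swept the remaining funds.
    function mintReceipt() external {
        require(block.timestamp <= endTime, "quest ended");
        require(!remainingWithdrawn, "remaining funds withdrawn");
        require(!hasReceipt[msg.sender], "already minted");
        hasReceipt[msg.sender] = true;
        receiptsMinted++;
    }

    function claim() external {
        require(hasReceipt[msg.sender] && !hasClaimed[msg.sender], "nothing to claim");
        hasClaimed[msg.sender] = true;
        receiptsRedeemed++;
        payable(msg.sender).transfer(rewardPerReceipt);
    }

    // Only funds not reserved for outstanding receipts leave the contract,
    // and mintReceipt is closed afterwards so no receipt can be orphaned.
    function withdrawRemainingTokens(address to) external {
        require(msg.sender == owner, "not owner");
        require(block.timestamp > endTime, "quest not ended");
        remainingWithdrawn = true;
        uint256 reserved = (receiptsMinted - receiptsRedeemed) * rewardPerReceipt;
        payable(to).transfer(address(this).balance - reserved);
    }
}
```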