Upgraded Q -> 2 from #329 [1675575934658]

c4-judge commented 1 year ago

Judge has assessed an item in Issue #329 as 2 risk. The relevant finding follows:

Reentrancy issue on claim() for Erc1155Quest There is a reentrancy issue when claiming ERC1155 tokens, that will you reenter before redeemedTokens is updated. Here is the callback Quest.sol#L114 Stick to the check effects itteration to avoid this issue or add a reentrancyguard;

diff --git a/contracts/Quest.sol b/contracts/Quest.sol index 33163ee..372d2ca 100644 --- a/contracts/Quest.sol +++ b/contracts/Quest.sol @@ -111,10 +111,10 @@ contract Quest is Ownable, IQuest {

    uint256 totalRedeemableRewards = _calculateRewards(redeemableTokenCount);
    _setClaimed(tokens);

_transferRewards(totalRedeemableRewards); redeemedTokens += redeemableTokenCount;
```
emit Claimed(msg.sender, totalRedeemableRewards);
```
_transferRewards(totalRedeemableRewards); }

/// @notice Calculate the amount of rewards

c4-judge commented 1 year ago

kirk-baird marked the issue as duplicate of #239

c4-judge commented 1 year ago

kirk-baird marked the issue as satisfactory

code-423n4 / 2023-01-rabbithole-findings

Upgraded Q -> 2 from #329 [1675575934658] #689