Closed c4-judge closed 1 year ago
kirk-baird marked the issue as duplicate of #42
This auto-generated issue was withdrawn by kirk-baird
This previously downgraded issue has been upgraded by kirk-baird
kirk-baird marked the issue as satisfactory
kirk-baird changed the severity to 2 (Med Risk)
Judge has assessed an item in Issue #664 as 3 risk. The relevant finding follows:
[L-2] ERC1155 Quest: withdrawRemainingTokens should factor in total number of receipts minted before withdrawal
Issue: There may be users with unredeemed receipts who will not be able to claim if all the remaining tokens are withdrawn to the owner after a quest has ended. Ideally, the process should be the same as ERC20 where this is taken into account.
Suggested Fix: Include the Quest Factory contract in the ERC1155 contract as well (e.g. through the constructor similar to receiptContractAddress_)
In withdrawRemainingTokens() function:
Link to Github Reference: https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Erc1155Quest.sol#L52-L63