Open hats-bug-reporter[bot] opened 3 months ago
Github username: @robbiestewartdev
Twitter username: --
Submission hash (on-chain): 0x55d715ea07a43c022f822d169b380eef201236ebadef448d286b22cd7247f75d
Severity: high
Description:

`LM_PC_Bounties_v1` contract does not have any function to unlock a `bounty`.
```solidity
function updateBounty(uint bountyId, bytes calldata details)
    ...
    notLocked(bountyId) //<-------------- @audit
{ ... }

function addClaim(...)
    ...
    notLocked(bountyId) //<-------------- @audit
    returns (uint id)
{ ... }

function updateClaimContributors(...)
    ...
    notClaimed(claimId) //<-------------- @audit
    ...
{ ... }

function updateClaimDetails(...)
    ...
    notClaimed(claimId) //<-------------- @audit
    ...
{ ... }

function verifyClaim(...)
    ...
    notClaimed(claimId) //<-------------- @audit
{ ... }
```
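Attack Scenario:

N/A

Attachments

1. Proof of Concept (PoC) File:

N/A

2. Revised Code File (Optional)

`BountyUnlocked` event to `ILM_PC_Bounties_v1` contract.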
event BountyUpdated(uint indexed bountyId, bytes indexed details); ++ event BountyUnlocked(uint indexed bountyId); event BountyLocked(uint indexed bountyId);
`unlockBounty()` as follows.
contract LM_PC_Bounties_v1 is ILM_PC_Bounties_v1, ERC20PaymentClientBase_v1 { ... function lockBounty(uint bountyId) external onlyModuleRole(BOUNTY_ISSUER_ROLE) validBountyId(bountyId) notLocked(bountyId) { ... } ++ function unlockBounty(uint bountyId) ++ external ++ onlyModuleRole(BOUNTY_ISSUER_ROLE) ++ validBountyId(bountyId) ++ { ++ if(_bountyRegistry[bountyId].locked) { ++ _bountyRegistry[bountyId].locked = false; ++ emit BountyLocked(bountyId); ++ } ++ } ... }
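Review bot: In `unlockBounty()`, the branch that sets `_bountyRegistry[bountyId].locked = false` emits `BountyLocked(bountyId)`, so the `BountyUnlocked` event added to the interface is never emitted and anything tracking state from events would record the bounty as locked a second time; emit `BountyUnlocked(bountyId)` there instead. The function also returns silently when the bounty is not locked, while `lockBounty()` guards its precondition with the `notLocked(bountyId)` modifier; consider reverting in that case so a mistaken call is visible to the caller. Because `notLocked` gates `updateBounty` and `addClaim`, unlocking reopens both for that bounty, which deserves a comment on the new function.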
Intended
You're describing a missing UX feature at best. In what world is this a high finding :sweat_smile: You can just add another bounty.