search

hats-finance / Inverter-Network-0xe47e52c4fea05e555920f1dcdcc6fb8eca103eeb

Fork of the Inverter Smart Contracts Repository
GNU Lesser General Public License v3.0
0 stars 3 forks source link

`LM_PC_Bounties_v1` contract has not any function to unlock `bounty`. #116

Open hats-bug-reporter[bot] opened 3 months ago

hats-bug-reporter[bot] commented 3 months ago

Github username: @robbiestewartdev Twitter username: -- Submission hash (on-chain): 0x55d715ea07a43c022f822d169b380eef201236ebadef448d286b22cd7247f75d Severity: high

Description:

Description

  1. LM_PC_Bounties_v1 contract has not any function to unlock bounty.
  2. And the following functions can only be executed on the unlocked bounties.
    function updateBounty(uint bountyId, bytes calldata details);
        ...
        notLocked(bountyId) //<-------------- @audit
    { ... }

    function addClaim(...)
        ...
        notLocked(bountyId) //<-------------- @audit
        returns (uint id)
    { ... }

    function updateClaimContributors(...)
        ...     
        notClaimed(claimId) //<-------------- @audit
        ...
    { ... }

    function updateClaimDetails(...)
        ...     
        notClaimed(claimId) //<-------------- @audit
        ...
    { ... }

    function verifyClaim(...)
        ...     
        notClaimed(claimId) //<-------------- @audit
    { ... }
  1. So the above functions cannot be used forever for the already locked bounties.

Attack Scenario:

N/A

Attachments

1. Proof of Concept (PoC) File:

N/A

2. Revised Code File (Optional)

  1. Please add BountyUnlocked event to ILM_PC_Bounties_v1 contract.
    event BountyUpdated(uint indexed bountyId, bytes indexed details);
++  event BountyUnlocked(uint indexed bountyId);
    event BountyLocked(uint indexed bountyId);
  1. Please add LM_PC_Bounties_v1#unlockBounty() as follows.
contract LM_PC_Bounties_v1 is ILM_PC_Bounties_v1, ERC20PaymentClientBase_v1 {
    ...
    function lockBounty(uint bountyId)  
        external
        onlyModuleRole(BOUNTY_ISSUER_ROLE)
        validBountyId(bountyId)
        notLocked(bountyId)
    {
        ... 
    }

++  function unlockBounty(uint bountyId)
++      external
++      onlyModuleRole(BOUNTY_ISSUER_ROLE)
++      validBountyId(bountyId)
++  {
++      if(_bountyRegistry[bountyId].locked) {
++          _bountyRegistry[bountyId].locked = false;
++          emit BountyLocked(bountyId);
++      }   
++  }

    ...
}

Description\ Describe the context and the effect of the vulnerability.

Attack Scenario\ Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)

PlamenTSV commented 3 months ago

Intended

FHieser commented 3 months ago

Your describing a missing UX feature at best. In what world is this a high finding :sweat_smile: You can just add another bounty