ck
medium
_claimOngoingBounty only claims the payoutToken but allows NFT deposits
Summary
_claimOngoingBounty only claims the payoutToken but allows NFT deposits
Vulnerability Detail
The _claimOngoingBounty function only claims payoutToken by calling claimOngoingPayout.
This is despite the fact that the bounty can also be funded by NFT deposits. The OngoingBountyV1 currently implements the receiveNFT function but fails to provide a way to claim them.
Impact
While NFT deposits can be recovered later, this breaks the protocol and temporarily locks the funders' NFTs until the expiration period elapses. Users will also be deceived into assuming that the NFTs are part of the bounty.
Code Snippet
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/OngoingBountyV1.sol#L96-L112
Tool used
Manual Review
Recommendation
Prevent deposits of any token other than the payoutToken in the case of ongoing bounties. Alternatively, add claim functionality for NFTs.
Duplicate of #352
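A minimal sketch of the first recommendation, added here as an illustration and not taken from the OpenQ code base: deposits are limited to payoutToken and NFT deposits revert, so nothing can be funded that the claim path cannot pay out. The contract name, constructor, claimManager, receiveFunds, the simplified function signatures and the error names are assumptions, as is a payout token that returns a bool from transfer and transferFrom.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, NOT the OpenQ contract. Only payoutToken, receiveNFT and
// claimOngoingPayout are names from the report; everything else is hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract OngoingBountySketch {
    address public immutable payoutToken;   // the only asset a claim pays out
    uint256 public immutable payoutVolume;  // amount paid per claim
    address public immutable claimManager;  // hypothetical: sole caller allowed to claim
    mapping(bytes32 => bool) public claimed;

    error UnsupportedDeposit();
    error NotClaimManager();
    error AlreadyClaimed();
    error TransferFailed();

    constructor(address _payoutToken, uint256 _payoutVolume, address _claimManager) {
        payoutToken = _payoutToken;
        payoutVolume = _payoutVolume;
        claimManager = _claimManager;
    }

    // Accept deposits only in the token that claims pay out, so every funded
    // asset is reachable through claimOngoingPayout.
    function receiveFunds(address token, uint256 volume) external {
        if (token != payoutToken) revert UnsupportedDeposit();
        // Assumes a token that returns bool; non-standard tokens need a safe wrapper.
        if (!IERC20(token).transferFrom(msg.sender, address(this), volume)) revert TransferFailed();
    }

    // Reject NFT deposits outright: this bounty type has no claim path for them.
    function receiveNFT(address, uint256) external pure {
        revert UnsupportedDeposit();
    }

    function claimOngoingPayout(address payoutAddress, bytes32 claimId) external {
        if (msg.sender != claimManager) revert NotClaimManager();
        if (claimed[claimId]) revert AlreadyClaimed();
        claimed[claimId] = true; // mark before the external call
        if (!IERC20(payoutToken).transfer(payoutAddress, payoutVolume)) revert TransferFailed();
    }
}
```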