Closed github-actions[bot] closed 1 year ago
I disagree that this is Medium since the `claimTieredFixed` on the `TieredFixedBountyV1.sol` contract is `onlyClaimManager`, and the only method on `ClaimManager` that calls this method does set `tierClaimed` at the end of the transaction.
Nonetheless, I agree that `tierClaimed` would ideally be set INSIDE this method rather than from outside, so I will fix.
Given we also have `nonReentrant` on this, I do think this is not a Medium severity.
Agree with the Sponsor comment. Considering this issue as low
ak1
medium
`_claimTieredPercentageBounty` and `_claimTieredFixedBounty` should update the `setTierClaimed` inside the `claimTiered` / `claimTieredFixed`
Summary
In the current code flow, `tierClaimed[_tier]` is updated after the transactions complete.
Refer to the functions `_claimTieredPercentageBounty` and `_claimTieredFixedBounty`.
When we look at the flow:

`_claimTieredFixedBounty` -> `claimTieredFixed`

The check

```solidity
require(!tierClaimed[_tier], Errors.TIER_ALREADY_CLAIMED);
```

is done inside `claimTieredFixed`, but the status is updated inside `_claimTieredFixedBounty`. The same is done for `_claimTieredPercentageBounty`.
Vulnerability Detail
Refer the summary section
Impact
I do see the `nonReentrant` in `claimTieredFixed`, but I would still like to flag this logic to the team. It gives control to an external user, who can do anything.
Code Snippet
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/ClaimManager/Implementations/ClaimManagerV1.sol#L278-L341
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/TieredFixedBountyV1.sol#L91-L107
Tool used
Manual Review
Recommendation
We suggest updating `tierClaimed[_tier]` inside the `claimTieredFixed` call itself. The same goes for the percentage-based tier claim.
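The ordering the report and the sponsor's reply are discussing, as an added illustrative model that is not OpenQ's code: a bounty that checks `tierClaimed[_tier]` but leaves the write to a later `setTierClaimed` call from the manager, next to the recommended form where `claimTieredFixed` records the effect itself before the token transfer. Identifier names are taken from the issue (`tierClaimed`, `setTierClaimed`, `claimTieredFixed`, `_claimTieredFixedBounty`, `onlyClaimManager`, `Errors.TIER_ALREADY_CLAIMED`); the function signatures, the token interface, the per-tier payout table, the reentrancy guard and the manager shape are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative model, not OpenQ's code. It reproduces the two-contract flow the
// issue describes (bounty checks tierClaimed, manager sets it afterwards) next to
// the recommended form (bounty sets tierClaimed[_tier] itself, before paying out).
// Names taken from the issue: tierClaimed, setTierClaimed, claimTieredFixed,
// _claimTieredFixedBounty, onlyClaimManager, Errors.TIER_ALREADY_CLAIMED.
// Everything else (signatures, token interface, payout table, guard) is assumed.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

library Errors {
    string internal constant TIER_ALREADY_CLAIMED = "TIER_ALREADY_CLAIMED";
    string internal constant NOT_CLAIM_MANAGER = "NOT_CLAIM_MANAGER";
    string internal constant REENTRANT = "REENTRANT";
}

abstract contract TieredFixedBountyBase {
    address public immutable claimManager;
    IERC20 public immutable payoutToken;
    mapping(uint256 => bool) public tierClaimed;
    mapping(uint256 => uint256) public tierPayout; // assumed: fixed amount per tier
    uint256 private locked = 1;

    modifier onlyClaimManager() {
        require(msg.sender == claimManager, Errors.NOT_CLAIM_MANAGER);
        _;
    }

    // Minimal reentrancy guard: blocks re-entry into the same guarded call, but
    // says nothing about state the manager writes after this call has returned.
    modifier nonReentrant() {
        require(locked == 1, Errors.REENTRANT);
        locked = 2;
        _;
        locked = 1;
    }

    constructor(address _claimManager, IERC20 _payoutToken, uint256[] memory _payouts) {
        claimManager = _claimManager;
        payoutToken = _payoutToken;
        for (uint256 i = 0; i < _payouts.length; i++) tierPayout[i] = _payouts[i];
    }

    // Separate setter the manager calls after the payout in the criticized flow.
    function setTierClaimed(uint256 _tier) external onlyClaimManager {
        tierClaimed[_tier] = true;
    }
}

// Order the issue describes: check here, status written later by the manager,
// so the token transfer runs while tierClaimed[_tier] is still false.
contract TieredFixedBountyBefore is TieredFixedBountyBase {
    constructor(address m, IERC20 t, uint256[] memory p) TieredFixedBountyBase(m, t, p) {}

    function claimTieredFixed(address _payoutAddress, uint256 _tier)
        external onlyClaimManager nonReentrant returns (uint256 amount)
    {
        require(!tierClaimed[_tier], Errors.TIER_ALREADY_CLAIMED);
        amount = tierPayout[_tier];
        require(payoutToken.transfer(_payoutAddress, amount), "TRANSFER_FAILED");
        // tierClaimed[_tier] is set by the caller via setTierClaimed, not here.
    }
}

// Recommended form: check and effect in the same function, before the interaction.
contract TieredFixedBountyAfter is TieredFixedBountyBase {
    constructor(address m, IERC20 t, uint256[] memory p) TieredFixedBountyBase(m, t, p) {}

    function claimTieredFixed(address _payoutAddress, uint256 _tier)
        external onlyClaimManager nonReentrant returns (uint256 amount)
    {
        require(!tierClaimed[_tier], Errors.TIER_ALREADY_CLAIMED);
        tierClaimed[_tier] = true;          // effect recorded before the external call
        amount = tierPayout[_tier];
        require(payoutToken.transfer(_payoutAddress, amount), "TRANSFER_FAILED");
    }
}

// Manager side of both flows (assumed shape; the issue links the real one).
contract ClaimManagerModel {
    function _claimTieredFixedBountyBefore(TieredFixedBountyBefore bounty, address _closer, uint256 _tier) internal {
        bounty.claimTieredFixed(_closer, _tier);
        bounty.setTierClaimed(_tier);       // status updated only after the payout
    }

    function _claimTieredFixedBountyAfter(TieredFixedBountyAfter bounty, address _closer, uint256 _tier) internal {
        bounty.claimTieredFixed(_closer, _tier); // no second call needed
    }
}
```

In the first pair the `require` and the write to `tierClaimed[_tier]` live in different contracts and are separated by the token transfer, which is why the report treats it as a checks-effects-interactions ordering problem even though `nonReentrant` prevents re-entering `claimTieredFixed` itself. In the second pair the write precedes the transfer, so the guard and the state transition are in the same function and the manager no longer depends on remembering the follow-up call.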