This repository has been archived by the owner on May 26, 2023. It is now read-only.
usmannk - Tiered bounties can be claimed even if they are CLOSED
#356
Labels
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
Non-Reward
This issue will not receive a payout
usmannk
medium
Tiered bounties can be claimed even if they are
CLOSED
Summary
A bounty is supposed to be claimable only when its status is
OPEN
. However, the Tiered bounties are both set to closed on the first claim. They continue to be claimable even after this.Vulnerability Detail
Tiered bounties can be claimed even after their issuer sets them to closed.
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/ClaimManager/Implementations/ClaimManagerV1.sol#L203-L249
The
bountyIsClaimable
function is incorrect by extension.https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/ClaimManager/Implementations/ClaimManagerV1.sol#L345-L365
Impact
Deposited funds can be lost to claimants even if the bounty is closed.
Code Snippet
Tool used
Manual Review
Recommendation
Change the operation of Tiered bounties such that they do not allow claiming while
CLOSED
.Duplicate of #386
The text was updated successfully, but these errors were encountered: