Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

usmannk - Tiered bounties can be claimed even if they are CLOSED #356

Closed
github-actions bot opened this issue Feb 21, 2023 · 0 comments
Closed

usmannk - Tiered bounties can be claimed even if they are CLOSED #356

github-actions bot opened this issue Feb 21, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Non-Reward This issue will not receive a payout

Comments

@github-actions
Copy link

github-actions bot commented Feb 21, 2023

usmannk

medium

Tiered bounties can be claimed even if they are CLOSED

Summary

A bounty is supposed to be claimable only when its status is OPEN. However, the Tiered bounties are both set to closed on the first claim. They continue to be claimable even after this.

Vulnerability Detail

Tiered bounties can be claimed even after their issuer sets them to closed.

https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/ClaimManager/Implementations/ClaimManagerV1.sol#L203-L249

The bountyIsClaimable function is incorrect by extension.

https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/ClaimManager/Implementations/ClaimManagerV1.sol#L345-L365

Impact

Deposited funds can be lost to claimants even if the bounty is closed.

Code Snippet

Tool used

Manual Review

Recommendation

Change the operation of Tiered bounties such that they do not allow claiming while CLOSED.

Duplicate of #386

@github-actions github-actions bot added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue labels Feb 21, 2023
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue labels Mar 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Non-Reward This issue will not receive a payout
Projects
None yet
Development

No branches or pull requests

1 participant