Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

0xbepresent - The payoutVolume() is not implemented in the Tiered bounty type. #378

Closed
github-actions bot opened this issue Feb 21, 2023 · 0 comments
Closed

0xbepresent - The payoutVolume() is not implemented in the Tiered bounty type. #378

github-actions bot opened this issue Feb 21, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Non-Reward This issue will not receive a payout

Comments

@github-actions
Copy link

github-actions bot commented Feb 21, 2023
edited
Loading

0xbepresent

medium

The payoutVolume() is not implemented in the Tiered bounty type.

Summary

The payOutVolume is not implemented in the Tiered contests causing a revert in the OpenQV1.sol::solvent() function.

Vulnerability Detail

The function OpenQV1.sol::solvent() helps to determine if the bounty has enough funds to cover the payouts.

There is a comment in the solvent() function that says: @notice Determines whether or not an ongoing bounty or tiered bounty have enough funds to cover payouts. That is, the ongoing bounty or tiered bounty should return if the bounty is solvent but the tiered bounty does not have the payoutVolume therefore when the bounty is a tiered type the solvent function will be reverted.

Impact

The solvent() function determines to the external if the bounty has enough funds to cover payouts. External entites can not have the information causing misinformation outside the protocol.

I created a test in OpenQ.test.js. The solvent() call for Tiered bounty will be reverted.

it('should return TRUE for solvent tiered contracts', async () => {
    // Tiered bounty does not implement the bounty.payoutVolume() function.
    // 1. Create the tiered bounty type.
    // 2. Fund the tiered bounty.
    // 3. Call the OpenQ.solvent() and it will be reverted by call exception
    //
    // 1. Create the tiered bounty type.
    //
    await openQProxy.mintBounty(
    Constants.bountyId,
    Constants.organization,
    tieredBountyInitOperation_permissionless
    )
    const bountyAddress = await openQProxy.bountyIdToAddress(Constants.bountyId)
    const bounty = await OngoingBountyV1.attach(bountyAddress)
    //
    // 2. Fund the tiered bounty.
    //
    await mockLink.approve(bountyAddress, 10000000)
    await depositManager.fundBountyToken(
    bountyAddress,
    mockLink.address,
    10000000,
    1,
    Constants.funderUuid
    )
    //
    // 3. Call the OpenQ.solvent() and it will be reverted by call exception
    //
    await expect(openQProxy.solvent(Constants.bountyId)).to.be.reverted;
})

Code Snippet

File: OpenQV1.sol
405:     /// @notice Determines whether or not an ongoing bounty or tiered bounty have enough funds to cover payouts
406:     /// @param _bountyId The bounty id
407:     /// @return True if solvent, false otherwise
408:     function solvent(string calldata _bountyId) external view returns (bool) {
409:         IBounty bounty = getBounty(_bountyId);
410: 
411:         uint256 balance = bounty.getTokenBalance(bounty.payoutTokenAddress());
412:         return balance >= bounty.payoutVolume();
413:     }

Tool used

Vscode

Recommendation

Implement the payoutVolume for the Tiered bounty types.

Duplicate of #301
@github-actions github-actions bot added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue labels Feb 21, 2023
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue labels Mar 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin