This repository has been archived by the owner on May 26, 2023. It is now read-only.
libratus - Attacker can block NFT deposits for the bounty by filling up the limit #384
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
libratus
medium
Attacker can block NFT deposits for the bounty by filling up the limit
Summary
Bounties have a limit of 5 NFT rewards. Attacker can exploit that and prevent bounty owner from depositing NFTs.
Vulnerability Detail
Bounties can be funded with up to 5 NFTs. Funding is permissionless, meaning anyone can send tokens to the bounty contract. Furthermore, refunding an NFT deposit does give the slot back as it doesn't remove the item from
nftDepositscollection. This can be exploited in a number of ways. For example, if bounty owner wants to deposit multiple NFTs to the bounty contract, attacker can do the following:Bounty owner will not be able to deposit any of the remaining NFTs. As a result, the bounty contract will be rendered useless and the NFT that was deposited first will be locked until expiration.
Impact
Attacker can render deployed bounty contract useless
Code Snippet
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/AtomicBountyV1.sol#L125-L135
Tool used
Manual Review
Recommendation
Consider denying external users to fund bounties. Alternatively, allow bounty owner to deposit NFTs in batch so that the issue described above cannot hurt the depositor
Duplicate of #262
The text was updated successfully, but these errors were encountered: