This repository has been archived by the owner on May 26, 2023. It is now read-only.
Jeiwan - The NFT deposit limit may be not enough for tiered bounties #533
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Jeiwan
medium
The NFT deposit limit may be not enough for tiered bounties
Summary
The number of tiers is not limited in the tiered bounty contracts, however no more than 5 NFT tokens can be deposited to a bounty contract. As a result, bounty minters cannot run bounty programs that have more than 5 tiers and that award winners with NFTs.
Vulnerability Detail
When initializing a tiered bounty contract, the maximal number of NFT tokens tha can be funded is set to 5, without allowing the minter to change the number. A tiered bounty contract cannot receive more than the 5 NFT tokens. However, the number of tiers in a bounty program is not limited.
Impact
Bounty minters cannot use the protocol to run bounty programs with more than 5 tiers that award winners with NFT tokens.
Code Snippet
TieredPercentageBountyV1.sol#L48
TieredFixedBountyV1.sol#L49
TieredBountyCore.sol#L25-L28
Tool used
Manual Review
Recommendation
In the tiered bounty contracts, consider letting bounty minters decide the deposit limit of NFT tokens.
Duplicate of #262
The text was updated successfully, but these errors were encountered: