Platform: Code4rena
Start Date: 25/01/2023
Pot Size: $36,500 USDC
Total HM: 11
Participants: 173
Period: 5 days
Judge: kirk-baird
Total Solo HM: 1
Id: 208
League: ETH
Rank: 171/173
Findings: 1
Award: $0.75
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: adriro
Also found by: 0xRobocop, 0xmrhoodie, 0xngndev, AkshaySrivastav, ArmedGoose, Atarpara, Bauer, CodingNameKiki, ElKu, Garrett, HollaDieWaldfee, IllIllI, Iurii3, KIntern_NA, KmanOfficial, Lotus, M4TZ1P, MiniGlome, Ruhum, SovaSlava, bin2chen, bytes032, carrotsmuggler, cccz, chaduke, codeislight, cryptonue, doublesharp, evan, fs0c, glcanvas, gzeon, hansfriese, hihen, hl_, holme, horsefacts, ladboy233, lukris02, mahdikarimi, manikantanynala97, martin, mert_eren, mrpathfindr, omis, peakbolt, peanuts, prestoncodes, rbserver, rvierdiiev, sashik_eth, timongty, tnevler, trustindistrust, usmannk, wait, yixxas, zadaru13, zaskoh
0.7512 USDC - $0.75
Erc20Quest.withdrawFee withdraw the protocolFee to protocolFeeRecipient. onlyAdminWithdrawAfterEnd prevents people from calling the method before the time end but anybody can call this method any amount of time. Someone could call withdrawFee multiple time and reduce the rewardToken until there's not enough for participants.
Suggest to add more check to make sure only some people can execute the method.
#0 - c4-judge
2023-02-05T06:11:41Z
kirk-baird marked the issue as duplicate of #23
#1 - c4-judge
2023-02-14T08:54:38Z
kirk-baird changed the severity to 3 (High Risk)
#2 - c4-judge
2023-02-14T08:56:55Z
kirk-baird marked the issue as selected for report
#3 - c4-judge
2023-02-14T08:57:04Z
kirk-baird marked the issue as satisfactory
#4 - c4-judge
2023-02-14T08:57:29Z
kirk-baird marked the issue as not selected for report
#5 - c4-judge
2023-02-20T09:30:42Z
kirk-baird marked the issue as duplicate of #605