Platform: Code4rena
Start Date: 27/10/2022
Pot Size: $33,500 USDC
Total HM: 8
Participants: 96
Period: 3 days
Judge: kirk-baird
Total Solo HM: 1
Id: 176
League: ETH
Rank: 95/96
Findings: 1
Award: $9.91
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ladboy233
Also found by: 0x52, 0xDecorativePineapple, 0xhunter, Aymen0909, Bnke0x0, Dravee, JTJabba, Jeiwan, Lambda, Nyx, Picodes, Trust, cccz, cryptonue, csanuragjain, dic0de, hansfriese, horsefacts, imare, minhtrng, pashov, peritoflores, rbserver, rvierdiiev, wagmi, yixxas
9.9073 USDC - $9.91
recoverERC20() allows the retrieval of all ERC20 tokens from contract whereas the comment indicates it is only meant to retrieve those tokens that have been sent by mistake. Allowing to retrieve all tokens also enables the retrieval of legitimate ones. It could be seen as allowing a rug pull by project and should be avoided.
VSCode
Prevent the retrieval of legitimate tokens.
#0 - Kogaroshi
2022-10-30T23:09:49Z
Duplicate of #17
#1 - c4-judge
2022-11-10T07:45:00Z
kirk-baird changed the severity to QA (Quality Assurance)
#2 - c4-judge
2022-11-11T20:54:46Z
kirk-baird marked the issue as not a duplicate
#3 - c4-judge
2022-11-11T20:55:10Z
kirk-baird marked the issue as satisfactory
#4 - c4-judge
2022-11-11T20:55:18Z
kirk-baird marked the issue as duplicate of #17
#5 - c4-judge
2022-12-06T17:32:42Z
Simon-Busch marked the issue as duplicate of #68