Platform: Code4rena
Start Date: 25/01/2023
Pot Size: $36,500 USDC
Total HM: 11
Participants: 173
Period: 5 days
Judge: kirk-baird
Total Solo HM: 1
Id: 208
League: ETH
Rank: 164/173
Findings: 1
Award: $2.59
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: adriro
Also found by: 0xMAKEOUTHILL, 0xMirce, 7siech, AkshaySrivastav, AlexCzm, Awesome, Aymen0909, Cryptor, Deivitto, DimitarDimitrov, ElKu, Garrett, Jayus, Josiah, Kenshin, KrisApostolov, RaymondFam, SovaSlava, Timenov, UdarTeam, amaechieth, btk, c3phas, codeislight, fellows, frankudoags, gzeon, hansfriese, luxartvinsec, millersplanet, mookimgo, navinavu, oberon, paspe, pavankv, petersspetrov, pfapostol, prestoncodes, rbserver, sakshamguruji, shark, thekmj, trustindistrust, tsvetanovv, usmannk, vagrant, vanko1, xAriextz, yosuke
2.5852 USDC - $2.59
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L58 https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleTickets.sol#L47
The modifier onlyMinter used in RabbitHoleReceipt.sol and RabbitHoleTickets.sol has no require nor revert statement. This modifier is used in 3 functions. Having no check would mean that this modifier will always be bypassed and would result in everyone having the ability to call the mint and mintBatch functions.
File: contracts/RabbitHoleReceipt.sol 58: modifier onlyMinter() { msg.sender == minterAddress; _; }
File: contracts/RabbitHoleReceipt.sol 47: modifier onlyMinter() { msg.sender == minterAddress; _; }
Add require(msg.sender == minterAddress, "Error message."); or if (msg.sender == minterAddress) revert CustomError();
#0 - c4-judge
2023-02-05T02:50:35Z
kirk-baird marked the issue as duplicate of #9
#1 - c4-judge
2023-02-16T07:30:17Z
kirk-baird marked the issue as satisfactory