Platform: Code4rena
Start Date: 25/01/2023
Pot Size: $36,500 USDC
Total HM: 11
Participants: 173
Period: 5 days
Judge: kirk-baird
Total Solo HM: 1
Id: 208
League: ETH
Rank: 113/173
Findings: 1
Award: $17.20
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: CodingNameKiki
Also found by: 0x1f8b, 0x4non, 0x5rings, 0xAgro, 0xMirce, 0xRobocop, 0xSmartContract, 0xackermann, AkshaySrivastav, ArmedGoose, Aymen0909, BClabs, Breeje, Dewaxindo, Diana, HollaDieWaldfee, IceBear, IllIllI, Iurii3, Josiah, Krayt, PaludoX0, Phenomana, PrasadLak, RaymondFam, Rolezn, SaeedAlipoor01988, SaharDevep, SleepingBugs, adriro, arialblack14, bin2chen, brevis, btk, carlitox477, carrotsmuggler, catellatech, chaduke, chrisdior4, cryptonue, cryptostellar5, csanuragjain, ddimitrov22, fellows, glcanvas, halden, hl_, horsefacts, jat, joestakey, kenta, libratus, lukris02, luxartvinsec, manikantanynala97, martin, matrix_0wl, nadin, nicobevi, oberon, peanuts, prestoncodes, rbserver, sakshamguruji, sashik_eth, sayan, seeu, thekmj, tnevler, trustindistrust, tsvetanovv, xAriextz, zadaru13, zaskoh
17.196 USDC - $17.20
[L1] Use Ownable2StepUpgradeable instead of Ownable2Step : in Quest, QuestFactory, RabbitHoleReceipt and RabbitHoleTickets.
[L2] SHOULD AN AIRDROP TOKEN ARRIVE ON THE ERC20Quest OR ERC1155Quest CONTRACTS, IT WILL BE STUCK NFTs are transferred to the ERC1155Quest contract and in case of airdrop due to these NFTs, it will be stuck in the contract as there is no function to take these airdrop tokens from the contract. Same thing happens for the tokens transferred to the ERC20Quest contract.
Important NFT project owners are given airdrops, especially since the project includes NFTs such as BAYC, Moonbirds, Doodles, Azuki, there is a high probability of receiving Airdrops, but there is no function to withdraw incoming airdrop tokens, so airdrop tokens will be stuck in the contract.
A common method for airdrops is to collect airdrops with claim, so the ERC1155Quest.sol and ERC20Quest.sol contracts can be considered upgradagable, adding a function to make claim non reward tokens (either erc20, erc721 or erc1155 being airdropped, but with different address than reward token).
[L3] Change name of custom error NoWithdrawDuringClaim to more correct NoWithdrawDuringClaimOrBeforeStart.
#0 - c4-judge
2023-02-06T23:13:41Z
kirk-baird marked the issue as grade-c
#1 - kirk-baird
2023-02-14T09:48:49Z
As #657 and #638 are also QA issues for this warden I'm going to raise it to grade-b
#2 - c4-judge
2023-02-14T09:48:56Z
kirk-baird marked the issue as grade-b