Platform: Code4rena
Start Date: 27/10/2022
Pot Size: $33,500 USDC
Total HM: 8
Participants: 96
Period: 3 days
Judge: kirk-baird
Total Solo HM: 1
Id: 176
League: ETH
Rank: 70/96
Findings: 1
Award: $19.64
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: robee
Also found by: 0x007, 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xSmartContract, 8olidity, Awesome, B2, Bnke0x0, Chom, Diana, Dravee, JTJabba, Jeiwan, Josiah, Lambda, Mathieu, Picodes, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Rolezn, Ruhum, Sm4rty, Tricko, Trust, Waze, __141345__, a12jmx, adriro, ajtra, brgltd, c3phas, carlitox477, cccz, ch0bu, chaduke, chrisdior4, corerouter, cryptonue, csanuragjain, ctf_sec, cylzxje, delfin454000, dic0de, djxploit, horsefacts, imare, jayphbee, jwood, ktg, ladboy233, leosathya, lukris02, minhtrng, neko_nyaa, oyc_109, pashov, peritoflores, rbserver, rvierdiiev, shark, tnevler, yixxas
19.6449 USDC - $19.64
Some tokens have multiple entrypoints, eg. address(a) and address(b) which both use the same balance.
When one of address are used as the reward token eg address(a), the owner can sweep the tokens by calling recoverERC20() on address(b)
ERC token has two entrypoint addresses, address(a) and address(b)
a pledge is created using address(a) which transfers in the reward token.
owner can then call recoverERC20() on address(b) to sweep the reward token
#0 - Kogaroshi
2022-10-30T23:04:23Z
Duplicate of #16
#1 - kirk-baird
2022-11-10T21:40:38Z
I rate this as QA as it is a standard requirement when whitelisting tokens to whitelist both addresses.
#2 - c4-judge
2022-11-10T21:40:44Z
kirk-baird changed the severity to QA (Quality Assurance)
#3 - c4-judge
2022-11-11T23:54:03Z
kirk-baird marked the issue as grade-b