This repository has been archived by the owner on May 26, 2023. It is now read-only.
rvierdiiev - DepositManagerV1.fundBountyNFT doesn't check if address limit is reached #104
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
rvierdiiev
medium
DepositManagerV1.fundBountyNFT doesn't check if address limit is reached
Summary
DepositManagerV1.fundBountyNFT doesn't check if address limit is reached
Vulnerability Detail
When user wants to make deposit into bounty through
DepositManagerV1.fundBountyToken, thenopenQTokenWhitelistis checking if token is allowed to use and also ifopenQTokenWhitelisthas reached limit of allowed tokens.In case if more tokens than limit is added into openQTokenWhitelist contract, then all deposits should be disallowed.
But user still can deposit using
DepositManagerV1.fundBountyNFTfunction in case if limit is reached, as it checks only if token is allowed.As result that restriction is not working and user is still able to deposit nft into bounty contract.
Impact
Code Snippet
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/DepositManager/Implementations/DepositManagerV1.sol#L113-L147
Tool used
Manual Review
Recommendation
Add same check as in fundBountyToken function.
Duplicate of #530
The text was updated successfully, but these errors were encountered: