Upgraded Q -> 2 from #670 [1675726426987] #703
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-425
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
c4-judge
added
the
2 (Med Risk)
c4-judge
added a commit
that referenced
this issue
Feb 6, 2023
|
kirk-baird marked the issue as duplicate of #425 |
c4-judge
added
the
satisfactory
|
kirk-baird marked the issue as satisfactory |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Judge has assessed an item in Issue #670 as 2 risk. The relevant finding follows:
[L-04] Changing rabbitholeReceiptContract in QuestFactory will break currently running quests
rabbitHoleReceiptContract must be the same in QuestFactory and Quest contracts for quests to function correctly. If there is a mismatch, then factory will mint receipts on a contract different from the one quests check when rewards are claimed.
Minting: https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/QuestFactory.sol#L228
Checking: https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Quest.sol#L99
QuestFactory has a function that allows changing the receipt contract. If that happens while quests are running, these quests will break.
Recommendation: don't allow changing receipt contract when there are active quests or document this scenario.
The text was updated successfully, but these errors were encountered: