contracts/src/TreasureHunt.sol — withdraw() is missing onlyOwner modifier present on all other admin functionsDescription
The withdraw() function is intended to let the owner recover leftover funds after the hunt concludes. All other admin functions use onlyOwner or an equivalent require check.
Likelihood:
Any address calls withdraw() after all treasures are claimed — the condition claimsCount >= MAX_TREASURES is publicly readable so anyone knows when it becomes callable
A griefing actor front-runs the owner's withdrawal transaction, forcing the owner to pay gas for a transaction that never executes
Impact:
No financial loss funds always reach the owner
Owner loses control over withdrawal timing and wastes gas if front-run
Anyone can call this once claimsCount reaches MAX_TREASURES
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.