FoundrySolidityLayer 2
7.25 ETH
Submission Details
Impact: medium
Likelihood: medium

Partial Attacker Bounty Is Forcefully Forfeited If Deadline Passes Before Funds Are Available Again

Author Revealed upon completion

DESCRIPTION

function claimAttackerBounty() external nonReentrant {
if (outcome != PoolStates.Outcome.CORRUPTED) revert OutcomeNotSet();
if (bountyClaimed == bountyEntitlement) revert BountyAlreadyClaimed();
if (!goodFaith) revert InvalidGoodFaithParams();
if (msg.sender != attacker) revert NotAttacker();
@> if (block.timestamp > corruptedClaimDeadline) revert ClaimWindowExpired();

In a good-faith corrupted outcome, the named attacker is entitled to a certain stipulated amount which he receives by calling the claimAttackerBounty function. If there isn't enough tokens in the pool to settle the attacker when he calls the function, he is paid a part of the bounty and can claim the rest later when there are tokens in the pool. Should the supposed deadline (if (block.timestamp > corruptedClaimDeadline) revert ClaimWindowExpired();) for the attacker to claim the remaining tokens pass before tokens are available in the pool, he forcefully forfeits the remaining entitlement.

RECOMMENDATION/FIX

  1. Do not expire the remaining entitlement once a valid partial claim has occurred before the dealine.

  2. Track unpaidBounty separately and let the attacker claim later-arriving funds until fully paid.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!