kiki_dev - No way of claiming airdrop rewards.
Closed this issue · 0 comments
kiki_dev
high
No way of claiming airdrop rewards.
Summary
Many NFT's provide airdrops to users that hold thier NFT's. However there is no functionality that allows depositors or claimants to retrieve these airdrops if it is sent to the bounty contract.
Vulnerability Detail
Bounties that hold NFT's are still eligible to recieve air drops. For example if a person deposited a gods unchained NFT during their airdrop event all of the $GODS tokens and $IMX would have been locked in the contract. That user or recipient of that bounty would of lost out on potnetialy thousands of dollars worth of tokens becasue it was locked. Same could be said for BAYC airdrop or any future airdrops.
The bounty currently doesn't implement any method to claim or distribute those rewards. The result is a loss of user yield on their NFT. Aside from the loss of funds, it also highly disincentivizes users from using NFT's as bounty rewards.
Impact
Users who are supposed to recieve airdrop rewards will loose all of those rewards.
Code Snippet
Tool used
Manual Review
Recommendation
I would recommend adding a function to claim rewards. After the rewards end, the bounty should create an airdrop to distribute those tokens to the deserving users. Or implement a way for those rewards to be added onto the funds being moved (either via refund or claim).