F-2025-0004·code-quality
getClaimDelegate Function Not Blocked When Delegated Claiming is Disabled
TL;DR
NFTGatedMerkleDistributor disables delegated claiming by reverting on the setters and the claim path, but getClaimDelegate remains callable. The inconsistency is purely cosmetic but should be aligned for clarity.
Severity
INFO
Impact
LOW
Likelihood
LOW
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description
Description
The NFTGatedMerkleDistributor contract has delegated claims disabled. The following functions:
setClaimDelegate()batchDelegateClaim()delegateClaim()
are blocked using revert. However the getClaimDelegate() is not.
03Section · Impact
Impact
No impact to the protocol functionality, only inconsistent implementation.
04Section · Recommendation
Recommendation
Block getClaimDelegate() for consistency with the other delegate-related functions.
05Section · Resolution
Resolution
TokenTable: Acknowledged.
