leastwood
withdrawLock() does not prevent users from calling this function when locking has been toggled. As a result, withdraws may be made unexpectedly.
Manual code review
Consider adding require(lockCrv, “!lock”); to withdrawLock() to ensure this function is not called unexpectedly. Alternatively if this is intended behaviour, it should be rather checked that the lock has not been toggled, otherwise users could maliciously relock tokens.
The text was updated successfully, but these errors were encountered:
All reactions