If transfer of any reward token returns False or reverts for whatever reason, users who deposited will not be able to withdraw their deposit. A malicious pool creator could abuse this to lock tokens from victims by using two reward tokens, one normal/valuable token that transfers normally, and one βevilβ token that will revert whenever its transfer function is called during a withdraw
Add an emergency withdraw function that allows withdrawing oneβs deposit without receiving any reward token.
In addition, one might want to consider adding a function allowing users to receive each reward token separately.
The text was updated successfully, but these errors were encountered:
All reactions