Reward claimers can call the get accrued reward function multiple times and maybe even drain the contract
As we can see there’s no check setting the accrued reward to zero after the rewards have been transferred
Manual review
Add a setter than sets the reward to zero after the function has been called
Reentrancy
The text was updated successfully, but these errors were encountered:
All reactions