stakers can frontrun a reward giving transaction by monitoring the mempool for the function transferInRewards, and stake before it, and then unstake after to get rewards, if the cooldown is off.
imagine a scenario where the cooldown period is off and the REWARDER_ROLE wants to distribute rewards on USDe stakers.
Bob an attacker , views the transaction on the mempool and frontruns it with a deposit call.
vscode
do not transfer the reward USDe to the staking contract, until the vesting period for it is expired.
ERC4626
The text was updated successfully, but these errors were encountered:
All reactions