2 matches found
[ADRIRO-NEW-M-05] Rewarder should not be allowed to apply rewards on CVX tokens
Lines of code Vulnerability details Summary The rewarder role should not be allowed to modify the balance of CVX tokens when applying rewards, otherwise the internal CVX balance tracking could get out of sync with major consequences for the protocol. Impact The introduction of internal CVX balanc...
Swap functionality to sell rewards is too permissive and could cause accidental or intentional loss of value
Lines of code Vulnerability details Summary While the intention is to use the 0x protocol to sell rewards, the implementation doesn't provide any basic guarantee this will correctly happen and grants the rewarder arbitrary control over the tokens held by the strategy. Impact Rewards earned in the...