attacker can call sweepRewardToken() when bribesProcessor==0 and reward funds will be lost because there is no check in sweepRewardToken() and _handleRewardTransfer() and _sendTokenToBribesProcessor()
Lines of code Vulnerability details Impact If the value of bribesProcessor was 0x0 the default is 0x0 and governance can set to 0x0 then attacker can call sweepRewardToken make contract to send his total balance in attacker specified token to 0x0 address. Proof of Concept the default value of...