2 matches found
addressShare is not updated on arbRestake
Handle hack3r-0m Vulnerability details when intialStake is called, it mints the nft, and on before transfer hook, addressSharesmsg.sender is credited with minted shares when redeemNFT is called, it burns the nft, and on before transfer hook, addressSharesmsg.sender is subtracted with burned share...
Sherlock: arbRestake() doesnt reduce addressShares of owner
Handle GreyArt Vulnerability details Impact As per the documentation, “After 2 weeks without action on an unlocked position arbs can come in to arbRestakeid, 20% of the underlying USDC amount principal + yield is at risk for the owner of the position.” While shares are redeemed for the arbitrager...