4 matches found
Should also check balanceOfRewards in _withdrawAll()
Lines of code Vulnerability details Impact withdrawAll should check that all of your positions are unwinded. It does check balanceOfPool and LOCKER.balanceOf. Then withdrawToVault in BaseStrategy.sol can transfer all want to the vault. But it doesn’t check reward tokens. want could also be one of...
If token == BADGER, the _handleRewardTransfer function does not work
Lines of code MyStrategy.solL405-L413 BaseStrategy.solL346-L353 Vault.solL396-L415 Vulnerability details Impact In MyStrategy.sol, when claiming bribes or sweeping reward tokens, the handleRewardTransfer function is called which calls sendToBadgerTree to send the amount of BADGER in the contract ...
Add a timelock to BaseStrategy:setPerfFeePct
Handle Dravee Vulnerability details Impact To give more trust to users: functions that set key/critical variables should be put behind a timelock. Proof of Concept Tools Used VS Code Recommended Mitigation Steps Add a timelock to setter functions of key/critical variables. --- The text was update...
wrong YAXIS estimates
Handle cmichel Vulnerability details The Harvester.getEstimates contract tries to estimate a YAXIS amount but uses the wrong path and/or amount. It currently uses a WETH input amount to compute a YAXIS - WETH trade. address memory path; path0 = IStrategystrategy.want; path1 =...