3 matches found
Upgraded Q -> M from 18 [1656705895450]
Judge has assessed an item in Issue 18 as Medium risk. The relevant finding follows: Multiple initialization The initialize method of the BkdLocker contract allows it to be started multiple times as long as the value startBoost=0 is set. Abuse these settings to his advantage. Affected source code...
wrong reward distribution and user fund lose if migrate() is called with current rewardToken by mistake or intentionally
Lines of code Vulnerability details Impact It's possible to call migrate function of BkdLocker with newRewardToken value equal to current rewardToken and there is no check to prevent this. and if this happens then userCheckpoint will calculated reward double times for rewardToken, one time becaus...
BkdLocker#depositFees() can be front run to steal the newly added rewardToken
Lines of code Vulnerability details Every time the BkdLockerdepositFees gets called, there will be a surge of rewards per locked token for the existing stakeholders. This enables a well-known attack vector, in which the attacker will take a large portion of the shares before the surge, then claim...