2 matches found
Risk of reentrancy attacks in the claimRewards function
Lines of code Vulnerability details Impact The claimRewards function in the MultiRewardStaking contract is used by users to claim token rewards, but because the function does not contain a nonReentrant modifier and does not implement the CEI standard check-effect-interact it can be subject to...
Owner can steal rewards
Lines of code Vulnerability details Impact Users may not get their AAVE rewards Proof of Concept The claimRewards function allows the owner to send any rewards distributed by AAVE to any address. The rewards are being earned using user's funds but they aren't returned back to users and the owner...