2 matches found
GHSA-7HRH-V6WP-53VW Evmos allows unvested token delegations
Impact What kind of vulnerability is it? Who is impacted? At the moment, users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. Patches Has the problem been patched? What versions should users upgrade...
A user can 'borrow' dMute balance for a single block to increase their amplifier APY
Lines of code Vulnerability details The amplifier's APY is calculated based on the user's dMute balance delegation balance to be more accurate - the more dMute the user holds the higher APY they get. However, the contract only checks the user's dMute balance at staking, the user doesn't have to...