2 matches found
managementFee is unfair and can be used to steal stakers deposits
Lines of code Vulnerability details Description managementFee is a fee that is taken on TVL and calculated per year: File: Vault.sol 429: function accruedManagementFee public view returns uint256 430: uint256 managementFee = fees.management; 431: return 432: managementFee 0 433: ?...
Existing tokens can be given to other contracts when assign function is called
Lines of code Vulnerability details Impact In the Turnstile contract when the assign function is called any unregistered contract can register himself as the feeRecipient for any given token id, but in reality only the token owner should be able to assign a new smart contract as feeRecipient for...