3 matches found
setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract
Lines of code Vulnerability details Lines of code Vulnerability details Impact A malicious owner can steal all unclaimed rewards and break the reward accounting mechanism Proof of Concept Even if the owner is a good guy but the fact that there exists a rug vector available may negatively impact t...
FlywheelCore's setFlywheelRewards can remove access to reward funds from current users
Lines of code Vulnerability details Impact FlywheelCore.setFlywheelRewards can remove current reward funds from the current users' reach as it doesn't check that newFlywheelRewards' FlywheelCore is this contract. If it's not, by mistake or with a malicious intent, the users will lose the access t...
FlywheelCore.setBooster() can be used to steal unclaimed rewards
Lines of code Vulnerability details Impact A malicious authorized user can steal all unclaimed rewards and break the reward accounting Even if the authorized user is benevolent the fact that there is a rug vector available may negatively impact the protocol's reputation. Furthermore since this...