2 matches found
arbitraryCall allow inherited governance to steal incentives
Handle gzeon Vulnerability details Impact arbitraryCall did not check the balances of incentives, which allow inherited governance to steal the incentives. Proof of Concept Recommended Mitigation Steps Keep track of incentive token addresses in createIncentive and check the balance of each token...
Possible incentive theft through the arbitraryCall() function
Handle toastedsteaksandwich Vulnerability details Impact The Locke.arbitraryCall function allows the inherited governance contract to perform arbitrary contract calls within certain constraints. Contract calls to tokens provided as incentives through the createIncentive function are not allowed i...