2 matches found
[WP-H4] anchor_basset_reward pending yields can be stolen
Lines of code Vulnerability details For yield farming aggregators, if the pending yield on an underlying strategy can be harvested and cause a surge of rewards to all existing investors, especially if the harvest can be triggered permissionlessly. Then the attacker can amplify the attack using a...
stir to self
Handle gpersoon Vulnerability details Impact The function stir of Cauldron.sol can be manipulated when from == to. In that case the balance of "to" is increased while the balance of "from" isn't decreased. This is due to the fact that a temporary variable is used and the balance of "to" overwrite...