2 matches found
addRewardToken() does note remove old entries before adding new ones
Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...
A NFT can be delegated to many NFTS
Lines of code Vulnerability details In VoteEscrowDelegation.sol in the function delegate, there is no check about if the tokenId NFT has already been delegated. Thus is it possible to delegate voting power multiple time. It's even possible to self delegate tokenId = toTokenId multiple times. By...