2 matches found
LQTYStaking.sol – Reentrancy risk in stake() unstake() functions
Lines of code Vulnerability details In the LQTY smart contract, the stake and unstake functions are used to add or remove a certain amount of LQTY tokens from a user's stake, respectively. Both functions are designed to update the user's stake and the total amount of LQTY staked while allowing...
First staker staking can lead to unfair profiting
Lines of code Vulnerability details Impact A caller is able to drain all of the fees from the pool if the caller stakes prior to totalLQTYStaked, in the LQTYStaking contract, being greater than 0. When the protocol is first deployed, FLUSD is zero. It is increased when troves are opened. If a...