3 matches found
PoolSelector.computePoolAllocationForDeposit could return an unfair value.
Lines of code Vulnerability details Impact When calling StaderStakePoolsManager.validatorBatchDeposit, it calls PoolSelector.computePoolAllocationForDeposit to get the validator count to deposit for the pool. It calculates the count based on the capacity and the weight of the pool. However,...
Not all ERC20 tokens return boolean on transfer
Lines of code Vulnerability details Impact Some ERC20 tokens do not conform to the standard of returning a boolean when transfer is called. If one of these tokens is included as a reward token, the withdraw function will be irrevocably broken, and users won't be able to collect their reward or...
Pool Creators Can Reject Taxes From Being Withdrawn
Lines of code Vulnerability details Impact Upon pool creation, stakers can opt to earn rewards by staking their deposit tokens. When these deposit tokens are withdrawn, reward tokens are sent to the owner of the receipt along with their deposit tokens. A tax is charged on any rewards accrued by t...