2 matches found
The pledge creators can't withdraw unused funds after the pledge is expired in the pause mode.
Lines of code Vulnerability details Impact Currently, the pledge creators can't do anything after the protocol is paused. So they can't withdraw their unused funds after the pledge is expired in the pause mode and the funds will be locked in the contract. Proof of Concept As we can see from...
The pledge creators might lose all of their funds by recoverERC20().
Lines of code Vulnerability details Impact There is a recoverERC20 function to withdraw ERC20 tokens from the contract. Currently, it checks if the token isn't an active reward token but it can be passed easily if the admin removes the reward token using removeRewardToken. So if the admin removes...