Staker can withdraw a staked LP token amount that is small enough to ensure that lpPosition.points does not change when calling NeoTokyoStaker._withdrawLP function and cause extra reward shares, which the staker is not entitled to, to be minted to the staker when calling lpPosition.getPoolReward function later

Lines of code Vulnerability details Impact When withdrawing the staked LP tokens, the staker can divide the total staked token amount into smaller amounts and call the NeoTokyoStaker.withdraw function, which further calls the following NeoTokyoStaker.withdrawLP function, to withdraw each of such...

Mail.ru: [pandao.ru] Возможность списания несуществующих бонусных баллов

Race condition TOCTOU in pandao.ru marketplace allowed to use bonus points more than once. On the time of reporting, pandao.ru runs temporary pre-bug bounty competition program with $1000 bounties for vulnerabilities related to money/points/orders manipulation...