5 matches found
Risk of flashloan attacks in the Staking contract
Lines of code Vulnerability details Impact An attacker can steal a large amount of rewardsToken from the Staking contract by using flashloans, thus all the users will receive less rewards for their staked amounts. Proof of Concept In the Staking contract any user can stake a given amount of...
Rewards for the Staking.sol contract may be stolen via the first staker
Lines of code Vulnerability details Impact The return amount of the function rewardPerToken may be inflated for the first in the Staking.sol contract. Proof of Concept The Staking.sol contract is designed for the LOT token holders to be able to stake their native tokens. Thus, the token holders...
Function recoverERC20 in StakingRewards allows an owner to transfer out any token except stakingToken
Judge @GalloDaSballo has assessed the 1st item in QA Report 254 as Medium risk. The relevant finding follows: … Function recoverERC20 in StakingRewards allows an owner to transfer out any token except stakingToken. I see 2 problems with this: 1. It should also forbid transferring of rewardsToken,...
ERC20Rewards.sol: Use TransferHelper for rewardsToken
Handle hickuphh3 Vulnerability details Impact As it is used in other contracts, rewardsToken shouldn't be an exception. --- The text was updated successfully, but these errors were encountered: All reactions...
ERC20Rewards.sol: Consider making rewardsToken immutable
Handle hickuphh3 Vulnerability details Impact While it might seem like a good feature to have, being able to switch reward tokens will only be useful for tokens which are equivalent in value probably stablecoins, pegged tokens since it carries over unclaimed rewards from the previous reward...