3 matches found
setStrategy() Can Happen Without Timelock
Lines of code Vulnerability details Impact /// @dev This is a rug vector, pay extremely close attention to the next strategy being set. /// Changing the strategy should happen only via timelock. function setStrategyaddress strategy external whenNotPaused onlyGovernance; requirestrategy != address...
Controller.setStrategy tries to withdraw JPEG token with incorrect function strategy.withdraw(address), leading to certain revert and renders setStrategy unuseable
Lines of code Vulnerability details Impact Whenever STRATEGISTs want to switch from currently used strategy to another one, they are required to call the Controller.setStrategy function. This function is responsible for first withdrawing CRV and JPEG tokens from strategy contract into vault, then...
Possible griefing attack on vault setStrategy
Handle harleythedog Vulnerability details Impact In the function setStrategy within Vault.sol, there is a requirement that strategy.investedAssets == 0 so that no funds are left stuck in the strategy. A malicious user could strategically transfer 1 wei of underlying to the strategy or any other...