2 matches found
SherDistributionManager.sol:calcReward() wrong conditional statement
Handle Dravee Vulnerability details Impact There's a risk of DOS if maxRewardsEndTVL tvl and zeroRewardsStartTVL tvl 110: ? zeroRewardsStartTVL - Math.maxmaxRewardsEndTVL, tvl 111: : 0; However, just above, we can see this condition: uint256 maxRewardsAvailable = maxRewardsEndTVL tvl ?...
DEPLOYER can drain underlying asset deposited by AaveV2Strategy and drain SHER token in SherDistributionManager
Handle wuwe1 Vulnerability details Proof of Concept For sdm. DEPOLYER can call pullReward and send arbitrary amount of sher in sdm to the DEPOLYER. For AaveV2Strategy.sol , attacker can call withdrawAll and drain the underlying asset if there is any. Recommended Mitigation Steps Add Timelock on...