Wrong design/implementation of freeTrial allows attacker to steal funds from the protocol

Handle WatchPug Vulnerability details The current design/implementation of freeTrial allows users to get full refund before the freeTrial ends. Plus, a user can transfer partial of thier time to another user using shareKey. This makes it possible for the attacker to steal from the protocol by...

Transfer method doesn't consider gained interest correctly,

Handle pants Vulnerability details Impact transfer method doesn't consider gained interest correctly. For example, a user that gained 10% of interest and moves the LP tokens to another user might lose the gained interest. This is a severe bug and all other LP tokens out there manages the interest...

admin/osuser2atluser.jsp lacks an XSRF token to perform user transfer operations

e.g. http://localhost:8090/admin/osuser2atluser.jsp?migrate=start&transferGroupMembership=true and http://localhost:8090/admin/osuser2atluser.jsp?migrate=start When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF...

admin/osuser2atluser.jsp lacks an XSRF token to perform user transfer operations

e.g. http://localhost:8090/admin/osuser2atluser.jsp?migrate=start&transferGroupMembership=true and http://localhost:8090/admin/osuser2atluser.jsp?migrate=start When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF...