lucas-manuel
commented
3 years ago Informational, won't address
Closed code423n4 closed 3 years ago
lucas-manuel
commented
3 years ago Informational, won't address
lucas-manuel
commented
3 years ago Not a bug
Handle
paulius.eth
Vulnerability details
Vulnerability details
Contract MplRewards should have an emergency withdraw function that is common in such contracts. emergencyWithdraw should allow users to withdraw their stakes without caring about the rewards. This can happen, for example, if the owner's wallet is compromised and it sets periodFinish (function updatePeriodFinish) to 0 making function getReward fail every time. Also you can add a check in the function updatePeriodFinish that timestamp >= lastUpdateTime so that this calculation won't fail: lastTimeRewardApplicable().sub(lastUpdateTime).