Closed code423n4 closed 3 years ago
cmichel
The Hypervisor's stake action states:
stake
token transfer: transfer staking tokens from msg.sender to vault
But no tokens are ever transferred.
Anyone with a permission can lock any amount of tokens.
Transfer the tokens or clarify how this comment is supposed to be understood.
Handle
cmichel
Vulnerability details
Vulnerability Details
The Hypervisor's
stakeaction states:But no tokens are ever transferred.
Impact
Anyone with a permission can lock any amount of tokens.
Recommended Mitigation Steps
Transfer the tokens or clarify how this comment is supposed to be understood.