Handle
hickuphh3
Vulnerability details
Impact
If the timeout and strategy rotation mechanism can be bypassed through the harvest() function, one has to wonder the point of its implementation in the first place.
Recommended Mitigation Steps
It makes more sense to have each strategy have its own timeout, so that sufficient time has elapsed (and therefore accumulated rewards) between harvests for each strategy.