0xKiwi
commented
2 years ago Claiming rewards may be a dangerous enough, so we added this emergency exit in case users may not be able to claim fees.
Closed code423n4 closed 2 years ago
0xKiwi
commented
2 years ago Claiming rewards may be a dangerous enough, so we added this emergency exit in case users may not be able to claim fees.
dmvt
commented
2 years ago Invalid
Handle
PPrieditis
Vulnerability details
Impact
NFTXLPStaking.sol function emergencyExit() looks like redundant code and unnecessary increases code base.
NFTXLPStaking.sol has already very similar function emergencyExitAndClaim(). The only difference between emergencyExitAndClaim() and emergencyExit() is that emergencyExit() does not call _claimRewards(). emergencyExit() does not put user funds at risk because after emergencyExit() it is still possible to call public function claimRewards(). emergencyExitAndClaim() is used only once by automated tests however emergencyExit() is not used at all by automated tests.
function emergencyExit(): https://github.com/code-423n4/2021-12-nftx/blob/main/nftx-protocol-v2/contracts/solidity/NFTXLPStaking.sol#L157-L162
function emergencyExitAndClaim(): https://github.com/code-423n4/2021-12-nftx/blob/main/nftx-protocol-v2/contracts/solidity/NFTXLPStaking.sol#L149-L155
Recommended Mitigation Steps
Remove function emergencyExit()