Open code423n4 opened 2 years ago
GreyArt
Other relevant view functions like lockupEnd(), sherRewards() and tokenBalanceOf() revert for non-existent IDs, but viewRewardForArbRestake() doesn’t.
lockupEnd()
sherRewards()
tokenBalanceOf()
viewRewardForArbRestake()
Include the existence check in viewRewardForArbRestake().
if (!_exists(_tokenID)) revert NonExistent();
Handle
GreyArt
Vulnerability details
Impact
Other relevant view functions like
lockupEnd(),sherRewards()andtokenBalanceOf()revert for non-existent IDs, butviewRewardForArbRestake()doesn’t.Recommended Mitigation Steps
Include the existence check in
viewRewardForArbRestake().if (!_exists(_tokenID)) revert NonExistent();