GalloDaSballo
commented
2 years ago Very much appreciated finding that notifies the sponsor of some recent CVX updates. Because there's no POC, I believe low severity to be appropriate
Open code423n4 opened 2 years ago
GalloDaSballo
commented
2 years ago Very much appreciated finding that notifies the sponsor of some recent CVX updates. Because there's no POC, I believe low severity to be appropriate
Handle
kenzo
Vulnerability details
The ConvexStakingWrapper that Yield is based on recently published a fix for
earnedfunction in case the pool is claimed indirectly.Impact
Wrong results might be returned from view function
earned.Proof of Concept
This is the fix for earned: fix commit
Recommended Mitigation Steps
Apply fix.