Judge @GalloDaSballo has assessed the 1st item in QA Report #163 as Medium risk. The relevant finding follows:
…
Reentrency in claimRewards in ConcurRewardPool
The function claimRewards is open to reenterncy, if the safeTransfer function of a token calls the claimRewards again the tokens can be transferred multiple times. This probabely won't happen because if the token is a "bad token", then it is probably not a known token or it is just a contract the attacker deployed for the attack, so the tokens won't have any real value, but it is still worth mentioning. A possible solution for that is to move the line reward[msg.sender][_tokens[i]] = 0 before the call to safeTransfer.
CloudEllie
commented
2 years ago
Judge @GalloDaSballo has assessed the 1st item in QA Report #163 as Medium risk. The relevant finding follows:
…
Reentrency in
claimRewardsin ConcurRewardPoolThe function
claimRewardsis open to reenterncy, if the safeTransfer function of a token calls theclaimRewardsagain the tokens can be transferred multiple times. This probabely won't happen because if the token is a "bad token", then it is probably not a known token or it is just a contract the attacker deployed for the attack, so the tokens won't have any real value, but it is still worth mentioning. A possible solution for that is to move the linereward[msg.sender][_tokens[i]] = 0before the call tosafeTransfer.