code-423n4 / 2022-05-vetoken-findings

Inflating the price of tokens to your benefit and no reentrancy guard, you can make your own function for stakeFor #266

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VeAssetDepositor.sol#L163

Vulnerability details

Low: you can mint a lot of tokens to the contract, inflating the price of tokens, and if there is no way of getting tokens out of the contract, plus if in the stakeFor function call the function above, and since the checks and effects patterns are not implemented or reentrancy guards, all the calls for functions besides ERC20 should be in a require statement and emit an event to make sure it happens:

IRewards(_stakeAddress).stakeFor(msg.sender, _amount);

Mitigation: make _stakeAddress a state variable and require statement to make it happen

solvetony commented 2 years ago

We need more information for the issue

GalloDaSballo commented 2 years ago

Don't believe this to be valid