c4-judge
commented
1 year ago dmvt marked the issue as duplicate of #402
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago dmvt marked the issue as duplicate of #402
c4-judge
commented
1 year ago dmvt marked the issue as partial-25
c4-judge
commented
1 year ago dmvt changed the severity to 3 (High Risk)
Judge has assessed an item in Issue #752 as 2 risk. The relevant finding follows:
Possibility of MultiRewardEscrow.claimReward() to be vulnerable to a reentrancy attack There are a bunch of external calls before setting accruedRewards[user][_rewardTokens[i]]to zero. Malicious actors can add some exploits on the external calls potentially draining the rewards pool of that reward token. It is recommended to refactor this conforming to the check-effects pattern