search

code-423n4 / 2023-08-reserve-mitigation-findings

0 stars 0 forks source link

M-09 MitigationConfirmed #26

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Comments

There is a _payoutRewards call to payout rewards before updating draftRSR(mint shares) in the cancelUnstake function after the mitigation:

        _payoutRewards();

        // ==== Transfer RSR from the draft pool
        totalDrafts = newTotalDrafts;
        draftRSR = newDraftRSR;
        emit UnstakingCancelled(firstId, endId, draftEra, account, rsrAmount);

        // Mint new stakes
        mintStakes(account, rsrAmount);
c4-judge commented 1 year ago

0xean marked the issue as satisfactory