c4-judge
commented
9 months ago 0xleastwood marked the issue as duplicate of #53
Closed c4-judge closed 9 months ago
c4-judge
commented
9 months ago 0xleastwood marked the issue as duplicate of #53
c4-judge
commented
9 months ago 0xleastwood marked the issue as satisfactory
c4-judge
commented
9 months ago This auto-generated issue was withdrawn by 0xleastwood
Judge has assessed an item in Issue #5 as 2 risk. The relevant finding follows:
QA-01. VotiumStrategyCore.withdrawStuckTokens should not allow to withdraw cvx token. Description https://github.com/code-423n4/2023-09-asymmetry/blob/main/contracts/strategies/votium/VotiumStrategyCore.sol#L215-L220 VotiumStrategyCore.withdrawStuckTokens function can be used by malicious owner to withdraw cvx tokens from contract.
Recommendation If token is cvx, then revert.