In the original implementation, when DAO.formPOL() is called by Upkeep, specific amount of tokens will be transferred from Upkeep to DAO and deposited for Protocol Owned Liquidity. Sometime not all amount of tokens were deposited. The remaining will be returned to DAO. However, DAO doesn't return the remaining to Upkeep, resulting in it is stuck in DAO.
Mitigation
commit eaf40ef
The mitigation removed DAO.formPOL(). The function is no longer used.
The original issue was resolved.
Lines of code
Vulnerability details
Comments
In the original implementation, when
DAO.formPOL()
is called byUpkeep
, specific amount of tokens will be transferred fromUpkeep
toDAO
and deposited for Protocol Owned Liquidity. Sometime not all amount of tokens were deposited. The remaining will be returned toDAO
. However,DAO
doesn't return the remaining toUpkeep
, resulting in it is stuck inDAO
.Mitigation
commit eaf40ef The mitigation removed
DAO.formPOL()
. The function is no longer used. The original issue was resolved.Conclusion
Confirmed