search

code-423n4 / 2024-03-saltyio-mitigation-findings

0 stars 0 forks source link

M-21 MitigationConfirmed #84

Open c4-bot-1 opened 4 months ago

c4-bot-1 commented 4 months ago

Lines of code

Vulnerability details

Comments

In the original implementation, when DAO.formPOL() is called by Upkeep, specific amount of tokens will be transferred from Upkeep to DAO and deposited for Protocol Owned Liquidity. Sometime not all amount of tokens were deposited. The remaining will be returned to DAO. However, DAO doesn't return the remaining to Upkeep, resulting in it is stuck in DAO.

Mitigation

commit eaf40ef The mitigation removed DAO.formPOL(). The function is no longer used. The original issue was resolved.

Conclusion

Confirmed

c4-judge commented 4 months ago

Picodes marked the issue as satisfactory

c4-judge commented 4 months ago

Picodes marked the issue as confirmed for report