Open hats-bug-reporter[bot] opened 4 months ago
Thank you for the submission.
BlastERC20RebasingManage.claim simply restricts the rights and forwards the call to the IERC20Rebasing which is already handling the call. The checks at these points rely on the final implementation of the Blast network. We can see that although this check is not performed on the BlastERC20RebasingManage moment, it is still limited to the Blast implementation side.
Github username: --
Twitter username: --
Submission hash (on-chain): 0x1742c9cf90c9d7bffa4052aa9d69b1a244ee1d928fdc7b81a1c2135128e02bc9
Severity: high
Description:
Under the claim function, `YieldMode` is not checked, which could cause a user to call the claim function in any mode. Therefore the YieldMode enum will be of no use anymore, since the user can claim in any mode. There should be a check under the BlastERC20RebasingManage.Claim function to check if a yieldMode is set to CLAIMABLE, otherwise make a revert.

Attack Scenario
Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
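The two positions in this thread, side by side, as an added sketch that is not code from the audited project or from Blast: a token that rejects `claim` unless the caller's mode is CLAIMABLE, and a wrapper that forwards the call with an optional early check of its own. `MockRebasingToken`, `ManagerSketch`, the error names and the `getConfiguration` view are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Added sketch: neither the audited contract nor Blast's own code.
enum YieldMode { AUTOMATIC, VOID, CLAIMABLE }
interface IERC20Rebasing {
    function configure(YieldMode mode) external returns (uint256);
    function claim(address recipient, uint256 amount) external returns (uint256);
    // Assumption: a view that exposes an account's current yield mode.
    function getConfiguration(address account) external view returns (YieldMode);
}

// Constructed stand-in for the token side, which enforces the mode itself.
contract MockRebasingToken is IERC20Rebasing {
    error NotClaimableAccount();
    event Claimed(address indexed account, address indexed recipient, uint256 amount);
    mapping(address => YieldMode) private modeOf;
    function configure(YieldMode mode) external returns (uint256) {
        modeOf[msg.sender] = mode;
        return 0; // balance bookkeeping omitted in this mock
    }
    function getConfiguration(address account) external view returns (YieldMode) {
        return modeOf[account];
    }
    function claim(address recipient, uint256 amount) external returns (uint256) {
        // Token-side check: the caller's own mode must be CLAIMABLE.
        if (modeOf[msg.sender] != YieldMode.CLAIMABLE) revert NotClaimableAccount();
        emit Claimed(msg.sender, recipient, amount); // yield accounting omitted
        return amount;
    }
}

// Hypothetical wrapper: restricts who may act, then forwards to the token.
contract ManagerSketch {
    error Unauthorized();
    error YieldModeNotClaimable(YieldMode current);
    address public immutable admin = msg.sender;
    function configure(IERC20Rebasing token, YieldMode mode) external {
        if (msg.sender != admin) revert Unauthorized();
        token.configure(mode);
    }
    function claim(IERC20Rebasing token, address recipient, uint256 amount) external returns (uint256) {
        if (msg.sender != admin) revert Unauthorized();
        // Optional wrapper-side check: fails early with a local error instead
        // of relying only on the token's revert.
        YieldMode current = token.getConfiguration(address(this));
        if (current != YieldMode.CLAIMABLE) revert YieldModeNotClaimable(current);
        return token.claim(recipient, amount);
    }
}
```

With the wrapper-side check removed, a claim made while the wrapper is in AUTOMATIC or VOID mode still reverts in this mock, but with the token's error rather than the wrapper's.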