hats-finance / VMEX-0xb6861bdeb368a1bf628fc36a36cec62d04fb6a77

LP token lending protocol
MIT License

Technically can sweep out LP tokens since those are ERC4626 for AURA (low severity) #5

Open ksyao2002 opened 11 months ago

ksyao2002 commented 11 months ago

Communication channel: GalloDaSballo (discord)

Description

Rescue Rewards doesn't protect the Staked Tokens, such as the ERC4626 tokenized Deposits from Aura

Attack Scenario

This requires the admin to sweep out the funds, so it's just a QA finding

Attachments

  1. Proof of Concept (PoC) File

    function rescueRewardTokens(IERC20 reward, address receiver) external onlyGlobalAdmin {
        reward.safeTransfer(receiver, reward.balanceOf(address(this)));
    }

Allows to sweep tokens that represent the AURA deposits
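A hardened form of the rescue function, as an added example that is not VMEX's code: the contract keeps an accounting of what users are owed in the staked ERC4626 share token, so the admin can recover stray reward tokens in full but can only sweep the staked token's surplus above user deposits. The `GuardedRescue` contract, `stakedToken`, `totalStaked` and the `deposit`/`withdraw` functions are assumed names for this illustration; `onlyGlobalAdmin` mirrors the modifier in the PoC.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative staking wrapper (assumed names, not the project's code). It
/// custodies an ERC4626 share token (such as Aura's tokenized deposits) for
/// users and lets a global admin recover reward tokens that land here.
contract GuardedRescue {
    using SafeERC20 for IERC20;

    address public immutable globalAdmin;
    IERC20 public immutable stakedToken;      // holds user deposits; must not be swept
    uint256 public totalStaked;               // sum of user balances, kept in sync below
    mapping(address => uint256) public staked;

    error ProtectedToken(address token);

    modifier onlyGlobalAdmin() { require(msg.sender == globalAdmin, "not admin"); _; }

    constructor(IERC20 _stakedToken) { globalAdmin = msg.sender; stakedToken = _stakedToken; }

    function deposit(uint256 amount) external {
        stakedToken.safeTransferFrom(msg.sender, address(this), amount);
        staked[msg.sender] += amount;
        totalStaked += amount;
    }

    function withdraw(uint256 amount) external {
        staked[msg.sender] -= amount;         // checked math: reverts if over-withdrawing
        totalStaked -= amount;
        stakedToken.safeTransfer(msg.sender, amount);
    }

    /// Hardened rescue: any token other than the staked share token is
    /// recoverable in full; for the staked token only the surplus above what
    /// users are owed can leave, and the call reverts when there is none.
    function rescueRewardTokens(IERC20 reward, address receiver) external onlyGlobalAdmin {
        uint256 amount = reward.balanceOf(address(this));
        if (address(reward) == address(stakedToken)) {
            if (amount <= totalStaked) revert ProtectedToken(address(reward));
            amount -= totalStaked;            // leave user deposits untouched
        }
        reward.safeTransfer(receiver, amount);
    }
}
```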

fico23 commented 11 months ago

I don't think this is an issue since Aura Vault tokens can also be rescued with this function. For example this ERC4626 https://optimistic.etherscan.io/address/0x9f43f726df654e033b04c39989af90ab44875feb

@ksyao2002

GalloDaSballo commented 11 months ago

This should fall as OOS due to Admin Findings being OOS, but technically the owner can rug via that