tokamak-network / gem-nft-contract

Project Opal contract repository
MIT License

[Code review: Contract Bugs]: Ownership verification required in 'requestWithdrawalTo' #34

Closed: Zena-park closed this issue 1 month ago

Zena-park commented 1 month ago

Describe the bug

What someone has staked can be unstaked by another person.

https://github.com/tokamak-network/gem-nft-contract/blob/b31e833a38901bee6287b869d34c523bfe13dea2/src/L1/L1WrappedStakedTON.sol#L128-L131

Impact

Any user can unstake someone else's stake.

Exploit Scenario

No response

Recommendation

When should we use the requestWithdrawalTo function? If we don't need it, it's better to remove it.

mehdi-defiesta commented 1 month ago

Thanks @Zena-park. Here's the contract update: Link

Zena-park commented 1 month ago

I confirmed. Thank you.
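The class of bug reported in this issue, a withdrawal request that never checks the caller against the owner of the stake, shown as an added example that is not part of the original thread and is not the project's `L1WrappedStakedTON` code. The contract name, storage layout, function signatures and the two hardened variants are assumptions made for illustration; the linked contract update may have taken a different approach.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal staking ledger, constructed for illustration only.
// Names, signatures and storage layout are assumptions, not the project's code.
contract StakeLedgerExample {
    mapping(address => uint256) public staked;            // stake per owner
    mapping(address => uint256) public pendingWithdrawal; // queued per receiver

    error NotStakeOwner(address caller, address owner);
    error InsufficientStake(uint256 requested, uint256 available);
    event WithdrawalRequested(address indexed owner, address indexed to, uint256 amount);

    function stake() external payable {
        staked[msg.sender] += msg.value;
    }

    // Missing check: `owner` is caller-supplied and never compared with
    // msg.sender, so the debit lands on whatever account the caller names.
    function requestWithdrawalToUnchecked(address owner, address to, uint256 amount) external {
        _queue(owner, to, amount);
    }

    // Hardened variant 1: keep the parameter, verify ownership before debiting.
    function requestWithdrawalToChecked(address owner, address to, uint256 amount) external {
        if (msg.sender != owner) revert NotStakeOwner(msg.sender, owner);
        _queue(owner, to, amount);
    }

    // Hardened variant 2: no owner parameter; the debited account is always msg.sender.
    function requestWithdrawalTo(address to, uint256 amount) external {
        _queue(msg.sender, to, amount);
    }

    function _queue(address owner, address to, uint256 amount) private {
        uint256 available = staked[owner];
        if (amount > available) revert InsufficientStake(amount, available);
        staked[owner] = available - amount;
        pendingWithdrawal[to] += amount;
        emit WithdrawalRequested(owner, to, amount);
    }

    // Pays out the caller's queued amount; state is cleared before the transfer.
    function claim() external {
        uint256 amount = pendingWithdrawal[msg.sender];
        pendingWithdrawal[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

A regression test for this class of issue stakes from one address, calls the withdrawal request from a second address naming the first as owner, and expects a revert with the first address's `staked` balance unchanged.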