In StakingRewards.sol L242, the `withdraw()` function does not check how much a user's balance of LP tokens comes from the locked portion of stakes, and thus may allow a user to withdraw from their locked balance. When doing so, it subtracts the non-boosted amount from `_boosted_balances` instead of the boosted, locked amount, and thus allows for people to manipulate their balance in the StakingRewards contract.

This bug has been reported by @samczsun.
Link to bug:
frax-solidity/contracts/Staking/StakingRewards.sol
Line 242 in 889b310
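
The accounting invariant behind this report, as an added example that is not part of the original issue and is not the contract's code: a small Python model in which reward weight must always equal the unlocked balance plus the boosted locked balance. The `Account` fields, `LOCK_MULTIPLIER` and every function name are assumptions made for illustration; only `_boosted_balances` and the described `withdraw()` behaviour come from the report.

```python
# Constructed accounting model; NOT the code of StakingRewards.sol.
from dataclasses import dataclass

LOCK_MULTIPLIER = 2  # assumed boost for locked stakes (illustrative value)

@dataclass
class Account:
    unlocked: int = 0  # LP tokens staked without a lock
    locked: int = 0    # LP tokens in stakes that are still locked
    boosted: int = 0   # reward weight; stands in for _boosted_balances

def stake(acct: Account, amount: int) -> None:
    acct.unlocked += amount
    acct.boosted += amount

def stake_locked(acct: Account, amount: int) -> None:
    acct.locked += amount
    acct.boosted += amount * LOCK_MULTIPLIER

def invariant_holds(acct: Account) -> bool:
    """Reward weight must equal what the remaining stakes justify."""
    return acct.boosted == acct.unlocked + acct.locked * LOCK_MULTIPLIER

def withdraw_unchecked(acct: Account, amount: int) -> None:
    """Reported behaviour: only the combined LP balance bounds the amount."""
    if amount > acct.unlocked + acct.locked:
        raise ValueError("amount exceeds balance")
    from_locked = max(0, amount - acct.unlocked)  # spills into locked stake
    acct.unlocked -= amount - from_locked
    acct.locked -= from_locked
    acct.boosted -= amount  # non-boosted amount, even for locked tokens

def withdraw_checked(acct: Account, amount: int) -> None:
    """Hardened form: the locked portion cannot be withdrawn here."""
    if amount > acct.unlocked:
        raise ValueError("amount exceeds unlocked balance")
    acct.unlocked -= amount
    acct.boosted -= amount

def demo(withdraw, amount: int) -> Account:
    """Stake 100 unlocked and 100 locked, then withdraw `amount`."""
    acct = Account()
    stake(acct, 100)
    stake_locked(acct, 100)
    withdraw(acct, amount)
    return acct
```

Asserting `invariant_holds` after every state-changing call in a test suite or fuzz harness flags this class of accounting drift before deployment.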