User will lose funds #108
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraClaimZap.sol#L224-L226
Vulnerability details
Impact
It was observed that User will lose funds due to missing else condition
Proof of Concept
Recommended Mitigation Steps
The condition should check if user has enabled lock for cvx, otherwise cvx should not be transferred from user
The text was updated successfully, but these errors were encountered: