Use of strict equalities that can be easily manipulated by an attacker.
Staking::claimRewards
uses a dangerous strict equality:
- lastClaim[msg.sender] == 0 (src/Staking.sol#73)
Staking::deposit
uses a dangerous strict equality:
- loveToken.balanceOf(address(stakingVault)) == 0 (src/Staking.sol#51)
Attackers can easily manipulate the vault draining its funds to zero.
Slither
Don't use strict equality to determine if an account has enough Ether or tokens.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.