The _withdrawTokens
function may prematurely exit the loop without fully withdrawing the requested amount, leading to incomplete withdrawals.
If the loop exits prematurely due to the termination condition (i < stems.length) && (a.active.tokens < maxTokens)
, some amounts may not be withdrawn, potentially leaving the contract in an inconsistent state.
Incomplete withdrawals can result in users not receiving the full amount of tokens they requested to withdraw, leading to a loss of funds or an inconsistent state in the contract. This can undermine the trust and functionality of the system, impacting user experience and potentially causing financial losses.
Manual
Ensure that the function completes all necessary withdrawal operations before exiting the loop. Consider reverting the transaction if the requested amount cannot be fully withdrawn.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.