Users will be able to steal funds if token is temporarily unwhitelisted
In case a token has been temporarily unwhitelisted (for whatever reason), a user calling mow
during sop season, will not get their perWellPlenty
set (as it only fetches the currently whitelisted tokens)
By not setting user's own PerRootPlenty
, if by the next time they mow its whitelisted again, this would allow them to claim plenty
for the whole PRP (rather than just the delta since beginning of the sop)
Loss of funds
Manual review
Either use an array of all ever whitelisted tokens, or do not only temporarily unwhitelist a token (once it's whitelisted, disallow it from being rewhitelisted again)
Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.