withDrawFees() function doesn't follow the CEI (checks-effects-interactions) pattern
Vulnerable to reentrancy
Likelihood:
onlyOwner makes exploitation unlikely, but not impossible (if ownership is compromised).
Impact:
If iUSDC were a malicious ERC20 token with a hook in transfer, it could reenter the contract.
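The ordering issue described above, shown as an added Solidity example that is not the audited contract's code. Only withDrawFees(), iUSDC and onlyOwner come from the finding; the accruedFees variable, the FeeBase layout and both contract names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. `accruedFees`, `FeeBase`, `FeesBeforeFix` and
// `FeesAfterFix` are hypothetical names, not from the audited code base.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

abstract contract FeeBase {
    IERC20 public immutable iUSDC;
    address public immutable owner;
    uint256 public accruedFees; // hypothetical fee accumulator

    constructor(IERC20 token) {
        iUSDC = token;
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }
}

// Interaction before effect: if transfer() hands control to other code,
// a re-entrant call that gets past onlyOwner still reads the old balance.
contract FeesBeforeFix is FeeBase {
    constructor(IERC20 token) FeeBase(token) {}

    function withDrawFees() external onlyOwner {
        uint256 amount = accruedFees;                       // check
        require(iUSDC.transfer(owner, amount), "transfer"); // interaction
        accruedFees = 0;                                    // effect, too late
    }
}

// Checks-Effects-Interactions: state is cleared before the external call,
// so a nested call reads zero and reverts on the "no fees" check.
contract FeesAfterFix is FeeBase {
    constructor(IERC20 token) FeeBase(token) {}

    function withDrawFees() external onlyOwner {
        uint256 amount = accruedFees;                       // check
        require(amount > 0, "no fees");
        accruedFees = 0;                                    // effect
        require(iUSDC.transfer(owner, amount), "transfer"); // interaction
    }
}
```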
Impact 2