4x
Payouts
1x
3rd Places
4x
Top 10
4x
Top 25
All
Code4rena
May '21
high
_sendForReceiver is vulnerable to reentrancy. This enables a receiver to drain the remaining fees to distribute.
high
An attacker can cause an overflow in the flashLoan function
medium
A malicious receiver can cause another receiver to lose out on distributed fees by returning `false` for `tokensReceived` when receiveRewards is called on their receiver contract.
medium
The direct redeem fee can be circumvented
Apr '21
Feb '21
