Wrong comment in claimReward #102
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
Handle
kenzo
Vulnerability details
The comment in
claimReward
says:However, the function only allows the original depositor to claim the rewards.
Additionally, the C4 readme doesn't mention that the receipt token holder should be able to withdraw the reward.
Impact
Confusion regarding working of protocol.
Proof of Concept
https://github.com/code-423n4/2021-11-streaming/blob/main/Streaming/src/Locke.sol#L553
Recommended Mitigation Steps
Change the comment to reflect the fact that only original depositor may withdraw rewards.
The text was updated successfully, but these errors were encountered: