
Bug Deep Dive #5

Foundation recall will inflate governance power for earnest voters - $381


This issue is a fairly straightforward example of missing functionality that the protocol team disregarded. Such issues are often trivial findings, but this one also touches on business logic, so many people miss it.

The SummerVestingWalletEscrow mints xSUMR (governance power) when the user stakes to it, and locks the tokens in the user's SummerVestingWallet.


However, the SummerVestingWallet has an option to withdraw all the tokens. After that withdrawal the user still holds the minted governance tokens, which are left unbacked.
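The accounting gap described above, as an added ledger model that is not the protocol's code. The class and method names, the 1:1 mint ratio and the burn-on-withdraw mitigation are assumptions made for illustration.

```python
# Added illustration: ledger model with hypothetical names, not the protocol's code.
class EscrowModel:
    def __init__(self):
        self.locked = {}  # user -> tokens locked in their vesting wallet
        self.xsumr = {}   # holder -> xSUMR (governance power) balance

    def stake(self, user, amount):
        # Assumption: xSUMR is minted 1:1 against the tokens locked in the wallet.
        self.locked[user] = self.locked.get(user, 0) + amount
        self.xsumr[user] = self.xsumr.get(user, 0) + amount

    def withdraw_all(self, user):
        # Flaw as described: the wallet is emptied and the escrow is never updated.
        amount, self.locked[user] = self.locked.get(user, 0), 0
        return amount

    def withdraw_all_synced(self, user):
        # One possible mitigation (assumption): burn the matching xSUMR in the
        # same call, and refuse if the user no longer holds enough to burn.
        amount = self.locked.get(user, 0)
        if self.xsumr.get(user, 0) < amount:
            raise ValueError("xSUMR to burn is missing; withdrawal refused")
        self.xsumr[user] -= amount
        self.locked[user] = 0
        return amount

    def unbacked_supply(self):
        # Invariant to monitor: total xSUMR must never exceed total locked tokens.
        return max(0, sum(self.xsumr.values()) - sum(self.locked.values()))


def run(withdraw_method):
    # Constructed scenario: two stakers, then alice's wallet is emptied.
    m = EscrowModel()
    m.stake("alice", 600)
    m.stake("bob", 400)
    getattr(m, withdraw_method)("alice")
    return m.xsumr["alice"], m.unbacked_supply()


if __name__ == "__main__":
    print("unsynced:", run("withdraw_all"))         # alice keeps xSUMR, supply unbacked
    print("synced:  ", run("withdraw_all_synced"))  # xSUMR burned with the withdrawal
```

The `unbacked_supply` check is the invariant a reviewer or an invariant test would assert after every state-changing call.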


Conclusion

This finding would earn you $381, which is okay since it is super simple: the protocol team completely disregarded the governance tokens that would remain in circulation.

Full Report
