0 reply
0 recast
0 reaction
23 replies
172 recasts
729 reactions
here's one issue: technically if someone stakes enough, they can bring `_fundedUntil` down so much that no one will get any rewards, but the entity that stakes enough token will get all the rewards
moreover, the `isEligible` check just checks the balance of the token, which means if the token supports flash loans, one can flash loan large amount of token to stake, `stake`, bring down `_fundedUntil` to (maybe?) the same block, `unstake`, sell the rewarded token, cover cost of the flash loan and get profit
can probably be mitigated by having a time-lock mechanism for staking (this should eliminate the threat of flash loans); maybe also limiting amount of rewards per address (but then one can spawn many addresses); or maybe limit the rewards by the proportion of total supply of the token staked? not sure 1 reply
1 recast
25 reactions
1 reply
0 recast
1 reaction
