Unnecessary transfer
functionality in LockingToken
Description
LockingToken is intended for users to lock their Aerodrome LP positions directly with the Anzen protocol. This design ensures that users receive rewards directly from the protocol, bypassing indirect rewards through Aerodrome bribes. However, the transfer
functionality within the LockingToken contract appears unnecessary for its intended purpose.
Impact
While there are no direct security vulnerabilities associated with this functionality, having unnecessary features increases the contract's attack surface. This can potentially expose the system to unforeseen vulnerabilities in the future.
Recommendations
Remove the transfer
functionality from the LockingToken contract to reduce the attack surface and maintain simplicity.
Remediation
Anzen Labs Inc. provided the following response:
The team decided to not make changes for those issues at this time