Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Points Farm>Informational findings>Owner of the contract can arbitrarily prevent deposits and migrations
GeneralOverview
Findings
Critical (1)
High (1)
Medium (1)
Low (1)
Informational (2)ERC-20 approve function reverts on nonstandard tokenOwner of the contract can arbitrarily prevent deposits and migrations
Audit ResultsAssessment Results
Category: Coding Mistakes

Owner of the contract can arbitrarily prevent deposits and migrations

Informational Severity
Informational Impact
N/A Likelihood

Description

The owner of the contract has the ability to change the signer contract and the stakeable amount at any time via the setLevelSigner and setStakableAmount functions. If the owner changes the signer contract, previous signatures from the former signer will no longer be valid for verification by the contract. Additionally, altering the stakeable amount could prevent users from depositing tokens into the contract.

Impact

The owner is able to prevent a user from migrating their tokens by changing the levelSigner just before a user calls the migrate function. The owner can also prevent deposits by changing the stakeable amount. However, those griefing attacks do not result in a loss of funds since the user is able to withdraw their funds at any time. Only the gas paid is lost.

Recommendations

Consider making setLevelSigner and setStakableAmount callable only when the contract is paused.

Remediation

Zellic © 2025Back to top ↑