Skip to content

fix: vun Bypass on 30 days lock period#121

Open
developerfred wants to merge 1 commit intotalentprotocol:masterfrom
developerfred:codingsh/vune-bypass
Open

fix: vun Bypass on 30 days lock period#121
developerfred wants to merge 1 commit intotalentprotocol:masterfrom
developerfred:codingsh/vune-bypass

Conversation

@developerfred
Copy link

@developerfred developerfred commented Oct 18, 2025
edited
Loading

Currently, a user can approve a third-party user they control to manage their shares, thus bypassing the 30-day lock and receiving tokens early.

This is a critical vulnerability; in this pull request, I fix it.

POC

@RubenSousaDinis
Copy link
Member

RubenSousaDinis commented Nov 7, 2025

Hi @developerfred!

Thanks for raising this issue with us!

We confirm there's indeed an issue with the current contract as is. We will be deploying a new version of the Vault soon and the issue will be fixed there.

@developerfred
Copy link
Author

developerfred commented Nov 7, 2025

Thank you @RubenSousaDinis, I really like the talent protocol, so we need to mitigate any and all vulnerabilities that may be found. Thanks again!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@developerfred @RubenSousaDinis