# Jito Restaking

## Reports by Severity

<details>

<summary>High</summary>

* \#37311 \[SC-High] Attackers can steal rewards by depositing, updating vault balance and withdrawing immediately after a large reward is deposited
* \#37314 \[SC-High] Vault creators can not withdraw their fees without being recursively charged (vault and program) fees on their own fees which causes permanent loss of funds
* \#37315 \[SC-High] Theft of Unclaimed Yields Due to Improper Reward Distribution in Vault Program
* \#37295 \[SC-High] Rewards can be stolen by depositing immediately after reward tokens get sent to vault
* \#36903 \[SC-High] The vault reward mechanism can be sandwiched by MEV

</details>

<details>

<summary>Insight</summary>

* \#37079 \[SC-Insight] Withdrawals can be DOSed by reviving tickets in the same burn tx
* \#36675 \[SC-Insight] Missing revoke instruction leads to Old delegate accounts have unlimited number of token allowance
* \#36787 \[SC-Insight] The vault program don't support token2022 transfer

</details>

## Reports by Type

<details>

<summary>Smart Contract</summary>

* \#37079 \[SC-Insight] Withdrawals can be DOSed by reviving tickets in the same burn tx
* \#36675 \[SC-Insight] Missing revoke instruction leads to Old delegate accounts have unlimited number of token allowance
* \#37311 \[SC-High] Attackers can steal rewards by depositing, updating vault balance and withdrawing immediately after a large reward is deposited
* \#37314 \[SC-High] Vault creators can not withdraw their fees without being recursively charged (vault and program) fees on their own fees which causes permanent loss of funds
* \#37315 \[SC-High] Theft of Unclaimed Yields Due to Improper Reward Distribution in Vault Program
* \#36787 \[SC-Insight] The vault program don't support token2022 transfer
* \#37295 \[SC-High] Rewards can be stolen by depositing immediately after reward tokens get sent to vault
* \#36903 \[SC-High] The vault reward mechanism can be sandwiched by MEV

</details>