# Jito Restaking

## Reports by Severity

<details>

<summary>High</summary>

* \#37311 \[SC-High] Attackers can steal rewards by depositing, updating vault balance and withdrawing immediately after a large reward is deposited
* \#37314 \[SC-High] Vault creators can not withdraw their fees without being recursively charged (vault and program) fees on their own fees which causes permanent loss of funds
* \#37315 \[SC-High] Theft of Unclaimed Yields Due to Improper Reward Distribution in Vault Program
* \#37295 \[SC-High] Rewards can be stolen by depositing immediately after reward tokens get sent to vault
* \#36903 \[SC-High] The vault reward mechanism can be sandwiched by MEV

</details>

<details>

<summary>Insight</summary>

* \#37079 \[SC-Insight] Withdrawals can be DOSed by reviving tickets in the same burn tx
* \#36675 \[SC-Insight] Missing revoke instruction leads to Old delegate accounts have unlimited number of token allowance
* \#36787 \[SC-Insight] The vault program don't support token2022 transfer

</details>

## Reports by Type

<details>

<summary>Smart Contract</summary>

* \#37079 \[SC-Insight] Withdrawals can be DOSed by reviving tickets in the same burn tx
* \#36675 \[SC-Insight] Missing revoke instruction leads to Old delegate accounts have unlimited number of token allowance
* \#37311 \[SC-High] Attackers can steal rewards by depositing, updating vault balance and withdrawing immediately after a large reward is deposited
* \#37314 \[SC-High] Vault creators can not withdraw their fees without being recursively charged (vault and program) fees on their own fees which causes permanent loss of funds
* \#37315 \[SC-High] Theft of Unclaimed Yields Due to Improper Reward Distribution in Vault Program
* \#36787 \[SC-Insight] The vault program don't support token2022 transfer
* \#37295 \[SC-High] Rewards can be stolen by depositing immediately after reward tokens get sent to vault
* \#36903 \[SC-High] The vault reward mechanism can be sandwiched by MEV

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/jito-restaking.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.