> For the complete documentation index, see [llms.txt](https://reports.immunefi.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://reports.immunefi.com/jito-restaking.md).

# Jito Restaking

## Reports by Severity

<details>

<summary>High</summary>

* \#37311 \[SC-High] Attackers can steal rewards by depositing, updating vault balance and withdrawing immediately after a large reward is deposited
* \#37314 \[SC-High] Vault creators can not withdraw their fees without being recursively charged (vault and program) fees on their own fees which causes permanent loss of funds
* \#37315 \[SC-High] Theft of Unclaimed Yields Due to Improper Reward Distribution in Vault Program
* \#37295 \[SC-High] Rewards can be stolen by depositing immediately after reward tokens get sent to vault
* \#36903 \[SC-High] The vault reward mechanism can be sandwiched by MEV

</details>

<details>

<summary>Insight</summary>

* \#37079 \[SC-Insight] Withdrawals can be DOSed by reviving tickets in the same burn tx
* \#36675 \[SC-Insight] Missing revoke instruction leads to Old delegate accounts have unlimited number of token allowance
* \#36787 \[SC-Insight] The vault program don't support token2022 transfer

</details>

## Reports by Type

<details>

<summary>Smart Contract</summary>

* \#37079 \[SC-Insight] Withdrawals can be DOSed by reviving tickets in the same burn tx
* \#36675 \[SC-Insight] Missing revoke instruction leads to Old delegate accounts have unlimited number of token allowance
* \#37311 \[SC-High] Attackers can steal rewards by depositing, updating vault balance and withdrawing immediately after a large reward is deposited
* \#37314 \[SC-High] Vault creators can not withdraw their fees without being recursively charged (vault and program) fees on their own fees which causes permanent loss of funds
* \#37315 \[SC-High] Theft of Unclaimed Yields Due to Improper Reward Distribution in Vault Program
* \#36787 \[SC-Insight] The vault program don't support token2022 transfer
* \#37295 \[SC-High] Rewards can be stolen by depositing immediately after reward tokens get sent to vault
* \#36903 \[SC-High] The vault reward mechanism can be sandwiched by MEV

</details>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://reports.immunefi.com/jito-restaking.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
