From 1c5dca9bc2b006df8f356d7b3910f800b2e0b2aa Mon Sep 17 00:00:00 2001
From: Hongrui Fang <chfanghr@gmail.com>
Date: Tue, 29 Nov 2022 00:15:14 +0800
Subject: [PATCH] update changelog

---
 CHANGELOG.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a04a673..453e717 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,17 @@ This format is based on [Keep A Changelog](https://keepachangelog.com/en/1.0.0).
 
 ### Modified
 
+- Fix several vulnerabilities and bugs found by auditors.
+
+  Including:
+  - Stake locks can be removed without retracting votes. This is a bug
+    introduced in the refactoring of `premoveLocks` by #209.
+  - Stake can retract all votes in its cooldown period.
+  - Inconsistent delegate authority checking may fail in some cases, where the
+    delegate votes with own and delegated stakes.
+  
+  Included by [#212](https://github.com/Liqwid-Labs/agora/pull/212)
+
 - Mitigate potential DDoS attack(voting and unlocking repeatedly)
 
   We fix this issue by posing cooldown time while retracting votes, encoded in