From 8c4011057b2550af24bb087bf0595a1ddc0c4c35 Mon Sep 17 00:00:00 2001
From: Hongrui Fang <chfanghr@gmail.com>
Date: Thu, 13 Oct 2022 20:29:53 +0800
Subject: [PATCH] update changelog

---
 CHANGELOG.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f2add5..d21a584 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,17 @@ This format is based on [Keep A Changelog](https://keepachangelog.com/en/1.0.0).
 
 ### Modified
 
+- Fix several vulnerabilities and bugs found in staking components.
+  
+  Including:
+
+  - Stake state token can be taken away
+  - Privilege escalation: Acting on behalf of delegatee role + Unlocking delegated stakes
+  - Delegatee can steal delegated inputs
+  - Stake policy doesn't allow destroying multiple stakes
+
+  Included by [#195](https://github.com/Liqwid-Labs/agora/pull/195)
+
 - Place a lock the stake while cosigning a proposal.
 
   NOTE: This changes how cosigning works. In particular, the stake has to be