Lines of code
<https://github.com/pooltogether/v4-twab-delegator/blob/master/contracts/PermitAndMulticall.sol#L31>
In TWABDelegator.sol anyone can call the multicall() function which then calls _multicall() in PermitAndMulticall.sol. When using batched delegatecalls the msg.sender and msg.value are not updated on every iteration and this can result in double spending bugs as the linked article demonstrates.
<https://samczsun.com/two-rights-might-make-a-wrong/>
Manual code review
Consider removing the ability to do batched delegatecalls or add logic on every loop to ensure the msg.value is updated accordingly.
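An added illustration of the msg.value behaviour described in this report. It is not code from v4-twab-delegator or from the report's author, and the contract and function names are hypothetical. It puts a payable batched-delegatecall entry point beside a non-payable one that shares the same loop.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. Contract and function names are hypothetical and are
// not taken from v4-twab-delegator.
abstract contract Ledger {
    mapping(address => uint256) public credited;

    // Trusts msg.value as the amount paid for this call.
    function deposit() external payable {
        credited[msg.sender] += msg.value;
    }

    // Shared batch loop: delegatecall runs each item in this contract's
    // context with the outer call's msg.sender and msg.value unchanged.
    function _batch(bytes[] calldata data) internal returns (bytes[] memory results) {
        results = new bytes[](data.length);
        for (uint256 i = 0; i < data.length; i++) {
            (bool ok, bytes memory ret) = address(this).delegatecall(data[i]);
            require(ok, "batch item failed");
            results[i] = ret;
        }
    }
}

// Weak: payable entry point. Every item sees the same non-zero msg.value, so
// a batch holding deposit() twice credits 2 * msg.value for one payment.
contract PayableBatch is Ledger {
    function multicall(bytes[] calldata data) external payable returns (bytes[] memory) {
        return _batch(data);
    }
}

// Hardened: non-payable entry point. The compiler-generated check reverts any
// call that carries ether, so msg.value is 0 in every item of the batch.
contract NonPayableBatch is Ledger {
    function multicall(bytes[] calldata data) external returns (bytes[] memory) {
        return _batch(data);
    }
}
```

The hazard only exists when both the batch entry point and at least one reachable function are payable; reviewing a contract for this issue means checking the `payable` modifier on each of them.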