Since any token can be sent to the PrimeLiquidityProvider contract there is a great chance of an attacker sending a scam token with some legit value in it to lure the owner making him sweep those tokens and by doing so compromising the whole contract’s funds.
The PrimeLiquidityProvider contract has a sweepToken function only accessed by the owner for the purpose of rescuing any tokens sent to it, the problem is that there is no check for the reliability of this token being swept. This malicious token could indeed have some value to it like being a meme coin for example but with a shady smart contract doing other things like using the caller to compromise the whole contract.
Manual
Maybe adding a whitelist of trusted tokens could help mitigate this, but other than that making the contract call any other contract without a whitelist is pretty dangerous to the contract funds.
Invalid Validation
The text was updated successfully, but these errors were encountered:
All reactions