2 matches found
Allowance manipulation in UserEscrow struct leads to unauthorized token transfers due to overreliance on maximum allowance check
Lines of code Vulnerability details Summary The UserEscrow smart contract contains a vulnerability that can possibly allow unauthorized users to transfer tokens out of the contract. Specifically, an attacker can exploit this flaw by manipulating the allowances, thus enabling them to bypass the...
Potential Over-redemption Vulnerability in redeem Function
Lines of code Vulnerability details Impact In the redeem function, when a third party is using their allowance to redeem shares on behalf of an owner, there exists a potential scenario where the third party could redeem more than originally intended by the owner. Proof of Concept This is how the...