2 matches found
addCollateral allows anyone to addCollateral on behalf of others
Lines of code Vulnerability details Impact addCollateral allows anyone to addCollateral on behalf of others. In other words, bypassing the borrow allowance check. Proof of Concept allowedBorrow modifier will not revert if passed share == 0. addCollateral method uses allowedBorrow modifier functio...
Invalid testing of allowance in ZcToken.withdraw and ZcToken.redeem
Lines of code Vulnerability details Impact / Description In the ZcToken contract, the withdraw and redeem methods both support being called from an other account with an appropriate allowance set, but these functions fail to properly validate allowance. The problem is the condition allowed = amou...