2 matches found
governor can steal funds of user from all created streams using arbitraryCall
Handle hack3r-0m Vulnerability details Impact user approves token x to stream contract approval amount is typeuint256.max user calls createIncentivetoken x, someAmount incentivesx = someAmount creator calls claimIncentivetoken x incentivesx = 0 governance can arbitraryCall with data as ERC20token...
Synth: approveAndCall sets unnecessary approval
Handle cmichel Vulnerability details Vulnerability Details The Synth.approveAndCall function approves the recipient contract with the max value instead of only the required amount. Impact For safety, the approval should not be set to the max value, especially if the amount that the contract may u...