2 matches found
User can bypass entryFee by sending arbitrary calldata to ParaSwap operator
Lines of code Vulnerability details Impact Any user is able to bypass the entryFee collection when using NestedFactory.create by passing in arbitrary calldata when using the ParaSwap router. High level, a user can pass in calldata to swap from a miniscule amount of input token to an ERC777 with...
Owner can whitelist addresses for swaps and steal approved assets from users
Lines of code Vulnerability details Impact There is a common vulnerability with aggregator/bridge contracts where passing in arbitrary calldata can do unwanted actions such as steal tokens that were approved to that contract. While there is a whitelist system set up, there is no stopping a...