Any token approved for the base vault can be stolen
Lines of code Vulnerability details Impact All tokens approved for the BaseVault contract can be stolen by any attacker. The batchDeposit functions lack proper access controls and allow the token source to be an arbitrary address as opposed to restricting it to msg.sender. Since token approvals...