2 matches found
SingleNativeTokenExitV2 only returns single output token
Handle cmichel Vulnerability details The SingleNativeTokenExitV2.exit function performs a list of arbitrary user-defined swaps on the exited token basket. These could result in many different final "output" tokens ending up in the contract after the swaps. However, the contract assumes that there...
Basket publisher can raise licenseFee in an unbounded fashion, stealing other users tokens
Handle TomFrenchBlockchain Vulnerability details Impact Publisher can make licenseFee arbitrarily large and then steal any funds remaining in the basket after 1 day. Proof of Concept On minting or burning basket tokens the handleFees function is called. This mints a number of basket tokens to the...