3 matches found
Foundation Treasury initialize() function can be called by an attacker first
Lines of code Vulnerability details Impact In FoundationTreasury.sol the initialize function can only be called once setting the admin and operator roles which are used in other contracts. The problem is that this initialize function is not called in any deployment script which means an attacker...
The initialize() function can be called first by an attacker
Lines of code Vulnerability details Impact In Delegation.sol the initialize function sets the owner of the contract and can only be called once. The problem is that an attacker can monitor the blockchain byte code and call the initialize function first automatically before the protocol has a chan...
RewardReinvestor Is Vulnerable To Sandwich Attacks
Handle leastwood Vulnerability details Impact The splitReinvest function in RewardReinvestor is called upon by bonded users. An attacker can monitor the blockchain for calls to this function and launch a sandwich attack in combination with a flash loan to steal funds. A malicious user is...