3 matches found
Publisher can scam users by changing license fees and using auction to freeze user funds
Handle 0x0x0x Vulnerability details Publisher can call changeLicenseFee to change fees. There is no maximum cap for this parameter. At first glance, because there is a timelock period of 1 day, the users have enough time to react. But if the publisher can start an auction and bondForRebalance. Th...
Setting Factory.bondPercentDiv to zero cause Denial of Service in Auction.bondForRebalance()
Handle pants Vulnerability details The function Factory.setBondPercentDiv allows the owner to set the state variable Factory.bondPercentDiv to zero. Impact If Factory.bondPercentDiv equals zero then the function Auction.bondForRebalance will always revert due to a division by zero: bondAmount =...
lack of checks in Factory::setBondPercentDiv allow owner to prevent bonding in Auction::bondForRebalance()
Handle GalloDaSballo Vulnerability details Impact setBondPercentDiv has no checks for min and max Setting bondPercentDiv to 0 will cause Auction::bondForRebalance to revert This allows the owner to prevent bonding by setting the bondPercentDiv to 0 Recommended Mitigation Steps Refactor to functio...