2 matches found
Incorrect msg.value usage could lead to fund loss
Lines of code Vulnerability details Impact The burnToTarget function is using msg.value in a loop which is passed to swapAll function of swapperRouter. Since msg.value amount will not change within loop, contract will end up using its own ETH Proof of Concept 1. User calls burnToTarget function...
User will get free funds
Lines of code Vulnerability details Impact If contract has an existing balance of WETH, ETH or targetUnderlying then user will get extra funds. Proof of Concept 1. Assume contract has existing amount 10 of targetUnderlying token 2. User calls burnToTarget function which converts all his passed...