3 matches found
Cally does not support ERC20 tokens with built-in fee
Lines of code Vulnerability details Impact Contract Cally does not properly handle ERC20 tokens that charge fee on their transfers. Implementation of such a tokens does not transfer exact amount provided to transfer but part of it is charged as a fee, burned or used in some other way. This leads ...
“No Revert on Failure“ tokens can be stolen from the contract by disguising them as NFTs.
Lines of code Vulnerability details Impact If a user creates a vault with an ERC20 token with the following two properties: 1. There’s a way to make transferFrom fail to transfer tokens without reverting e.g. some tokens like ZRX return false on failure instead of reverting. 2. fransferFromfrom,...
TokenType mismatch with true type can be exploited to steal funds
Lines of code Vulnerability details A vault can be created for different TokenTypes, namely ERC20 and ERC721. These tokens have different logic, so a user needs to pass the type of the underlying token when creating a vault. At the end of createVault the user's tokens are pulled into the contract...