3 matches found
InterchainTokenService.expressReceiveTokenWithData does not apply Check-Effect-Interaction mode
Lines of code Vulnerability details Impact InterchainTokenService.expressReceiveTokenWithData does not apply the Check-Effect-Interaction pattern. In some edge cases, the caller can lose funds. Proof of Concept The life cycle of sending token across chains contains 3 phases: //P1: launch on sourc...
reentrancy in TimeswapV2Option.collect()
Lines of code Vulnerability details Impact collect function doesn't respect the check-effect-interaction pattern, where in the case if a param.data is provided it makes an external call to the caller, right after that, it updates option short amount state. in the case if the caller calls back int...
Reentrancy vulnerabilities
Lines of code Vulnerability details Impact A reentrancy attack can occur when the contract fails to update its state before the interaction, the attacker can make a recursive call back to the original function in an attempt to drain funds or token. Proof of Concept Contract Fed.sol. Function...