5 matches found
INITREFS() COULD BE USED TO OVERWRITE ALL REFFERAL DATA
Lines of code Vulnerability details Impact Although denoted as deprecated, initRefs is readily there in Referrals.sol that could be called by the owner whose private keys might have been compromised to reassign all the referral data. This could impact the referrers specifically who might have...
A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other...
DoS on claiming rewards in PirexRewards is possible
Lines of code Vulnerability details Proof of Concept The claim method in PirexRewards iterates over the rewardTokens array for a producerToken. Now this array is completely managed by the contract’s owner who can call addRewardToken which pushes a new value in that array, as many times as he...
Compromised or malicious owner of WardenPledge contract can steal pledge creator's deposited reward token amount
Lines of code Vulnerability details Impact There is no guarantee that the owner of the WardenPledge contract does not become compromised or malicious in the future. If this owner becomes compromised or malicious, after a pledge is created and the corresponding reward token amount is deposited, su...
Owner can bypass reward token protection in recoverERC20 to instantly steal all tokens in contract
Lines of code Vulnerability details Description WardenPledge contract has a sweeping function recoverERC20 to handle mistakenly sent ERC20 tokens: function recoverERC20address token external onlyOwner returnsbool ifminAmountRewardTokentoken != 0 revert Errors.CannotRecoverToken; uint256 amount =...