MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused

Lines of code Vulnerability details Impact MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused Proof of Concept this report tries to combine a few issue 1. when OmniPool is paused, interest is still accuring 2. when OmniPool is paused, user cannot repay 3...

Owner can stop user from claiming rewards in the Erc1155Quest

Lines of code Vulnerability details Impact After completing their tasks users can mint a new receipt token which they can later claim reward with it using the claim function, this function can not be called when the Quest contract is paused so the users can't claim when quest contract is paused...

Upgraded Q -> M from #404 [1674736828553]

Judge has assessed an item in Issue 404 as M risk. The relevant finding follows: L‑06 Owner can renounce while system is paused The contract owner or single user with a role is not prevented from renouncing the role/ownership while the contract is paused, which would cause any user assets stored ...

Storage variable modifications when the contract is paused

Lines of code Vulnerability details Impact The function addMember can be called to modify the the storage variable community even if the contract is paused. function addMemberbytes calldata data, bytes calldata signature external virtual override // Compute hash from bytes bytes32 hash =...