Lucene search
+L

5 matches found

Code423n4
Code423n4
added 2022/02/25 12:0 a.m.14 views

Fee-on-transfer/rebalancing tokens are not supported

Lines of code Vulnerability details Impact Some ERC20 tokens make modifications to their ERC20's transfer or balanceOf functions. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Others are rebasing tokens that increase in value over ti...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/10 12:0 a.m.10 views

User prepare can be denied

Handle cmichel Vulnerability details Vulnerability Details Upon observing a prepare transaction, an attacker can frontrun it with the same invariantData but an amount of a single wei. This inserts a value into variantTransactionDatadigest and the original transcation will fail because of the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/10 12:0 a.m.12 views

Funds can be stolen because of approval + send

Handle cmichel Vulnerability details Vulnerability Details The fulfill transaction on the receiving chain first approves the txData.callTo contract with the toSend amount. It then tries to call the addFunds and execute actions on txData.callTo. When any of the calls reverts, the funds are sent to...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2021/07/10 12:0 a.m.13 views

TransactionIDs may not be reused by user

Handle cmichel Vulnerability details Vulnerability Details The fulfill signature is only on txData.transactionId, relayerFee which allows the router to steal user funds for cross-chain transfers that go to the same router and use the same transaction ID as an earlier transfer. Example: a successf...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/10 12:0 a.m.8 views

Funds are sent twice on callTo errors

Handle cmichel Vulnerability details Vulnerability Details The fulfill transaction on the receiving chain tries to call the addFunds and execute actions on txData.callTo. When any of the calls reverts, the funds are sent to the txData.receivingAddress. The txData.callTo is user-controlled and an...

7AI score
Exploits0
Rows per page
Query Builder