4 matches found
Missing cap on LicenseFee
Handle gzeon Vulnerability details Impact There is no cap on LicenseFee. While change of LicenseFee is under 1 day timelock, introducing a maxLicenseFee can improve credibility by removing the "rug" vector. There is a minLicenseFee in the contracts, while imo make little sense to have minLicenseF...
Publisher May Accidentally Publish New Index With Incorrect Token Decimals
Handle leastwood Vulnerability details Impact The defiProtocol platform expects all tokens to be 18 decimals, however, nowhere in the contracts is this behaviour enforced. As a result, if a publisher mistakenly publishes a new index with new tokens that don't conform to this standard, settleAucti...
Fee calculation is potentially incorrect
Handle itsmeSTYJ Vulnerability details Impact More fees are actually charged than intended Mitigation Steps Basket.sol line 118 Assume that license fee is 10% i.e. 1e17 and time diff = half a year. When you calculate feePct, you expect to get 5e16 since that's 5% and the actual amount of fee to b...
missing access control in basket.sol
Handle jah Vulnerability details Impact function mint and function minTo are not protected so anyone can mint Proof of Concept Tools Used manual analysis Recommended Mitigation Steps use modifier to check who can call the function --- The text was updated successfully, but these errors were...