3 matches found
Permit should not approve type(uint256).max
Lines of code Vulnerability details Impact The design of permits should not be allowed to approve typeuint256.max. If not, depositAndTrade can be called many times until the allowance value becomes 0. Proof of Concept We should only allow baseTokenAmount only for baseToken and...
Unsafe usage of ERC20 methods
Lines of code Vulnerability details There are many weird ERC20 tokens that don't follow the standard ERC20 interface. Depending on the ERC20 token, some transfer errors may result in passing unnoticed, or some successful transfers may be treated as failed. The current implementation assumes that...
Infinite approval given to DepositTradeHelper contract can be misused by malicious actors
Lines of code Vulnerability details Impact depositAndTrade function in DepositTradeHelper account has infinite approval to spend baseTokens & collateralTokens of user using offChain signatures. However, once swapRouter executes UniV3 swap transaction on line 33, the contract does not give up its...