5 matches found
The _rescueFunds function allows sweeping any tokens, when it should only allow sweeping of the underlying asset
Lines of code Vulnerability details Impact abuse of sweeping arbitrary tokens. Proof of Concept The rescueFunds function allows sweeping any tokens, when it should only allow sweeping of the underlying asset Tools Used Manual Recommended Mitigation Steps Remove the tokenAddress parameter - no nee...
Deny of service in CCash.sol with "transfer" which can be unusable for smart contract calls
Lines of code Vulnerability details Impact The CCash.doTransferOut method is susceptible to denial of service. Proof of Concept The logic of the doTransferOut method in CCash is as follows: The whole user withdraw is being handled with a token.transfer call. This is unsafe as transfer has hard...
Deny of service in CNote.doTransferOut
Lines of code Vulnerability details Impact The CNote.doTransferOut method is susceptible to denial of service. Proof of Concept The logic of the doTransferOut method in CNote is as follows: function doTransferOutaddress payable to, uint amount virtual override internal requireaddressaccountant !=...
An attacker can render CNote’s doTransferOut unusable
Lines of code Vulnerability details Impact In doTransferOut, the underlying balance of the CNote has to be 0 after the transfer. While this works fine when the underlying balance of the CNote was 0 before the call i.e., in the normal case, the function will always revert when the balance was...
getCashPrior == 0 not checked at the end of redeemFresh
Lines of code CNote.solL332 Vulnerability details Impact To ensure that there are no Note tokens in CNote.sol the getCashPrior value should be exactly 0 at the end of every function that transfers tokens in and out of the contract. In the redeemFresh function, the getCashPior value is not checked...