5 matches found
the unbounded approve function allows a front-running vulnerability due to setting unlimited allowance.
Lines of code Vulnerability details Impact if approve is called with a very high allowance, the spender can drain the owner's entire balance. Proof of Concept approve allows setting an allowance to any arbitrary uint256 value, including typeuint.max. This effectively gives unlimited approval to t...
onERC721Received() could delegatecall to transder the tokens
Lines of code Vulnerability details onERC721Received could delegatecall to transder the tokens Impact Some onERC721Received could use delegatecall to drain the tokens Putty holds. Because the msg.sender is Putty contract, the tarnsfer can go through. Or taking the ownership of the Putty contract...
if attacker gets admin private key then he can drain all the tokens that Lender.sol contract holds
Lines of code Vulnerability details Impact if attacker gets admin private key then he can drain all the tokens that Lender.sol contract holds Recommended Mitigation Steps make it harder for admin to do this with some internal sec requirements --- The text was updated successfully, but these error...
A malicious ticket can drain the tokens
Handle pauliax Vulnerability details Impact Anyone can createPromotion with any arbitrary ticket supposed it follows the proposed interface. Thus, it is possible to create a promotion with a malicious ticket that returns arbitrary values for getAverageBalanceBetween and...
Can reclaim the same incentive multiple times
Handle pauliax Vulnerability details Impact function reclaimIncentive can be invoked more than once for the same incentiveId. If there were multiple incentives for the same token it would allow to drain these tokens by repeatedly calling reclaimIncentive. Recommended Mitigation Steps Simple...