5 matches found
TimeswapV2LiquidityToken should not use totalSupply()+1 as tokenId
Lines of code Vulnerability details Impact Assuming ERC1155Enumerable is acting normally, there is a Accounting Issue about TimeswapV2LiquidityToken and TimeswapV2Token's tokenId. Different liquidities can have the same tokenId, leading to serious balance manipulation. I'm submitting this issue a...
Incorrect _removeTokenEnumeration implementation of ERC1155Enumerable
Lines of code Vulnerability details Impact removeTokenFromAllTokensEnumeration can never be called, because of wrong order of if statement and idTotalSupplyid -= amount;. This leads to totalSupply do not correctly minus 1 when all token amounts for a specific tokenId get burned. Proof of Concept...
In TimeswapV2LiquidityToken.sol and TimeswapV2Token.sol, different positions might be minted to the same id.
Lines of code Vulnerability details Impact In this protocol, all positions should have unique ids to track and update their status. Currently, different positions might be minted to the same id and the main logic for the positions will be broken. Proof of Concept TimeswapV2LiquidityToken.mint set...
Burning a ERC1155Enumerable token doesn't remove it from the enumeration
Lines of code Vulnerability details The ERC1155Enumerable base contract used in the TimeswapV2Token and TimeswapV2LiquidityToken tokens provides a functionality to enumerate all token ids that have been minted in the contract. The logic to remove the token from the enumeration if the last token i...
ERC1155Enumerable._removeTokenEnumeration() checks the removal condition wrongly.
Lines of code Vulnerability details Impact ERC1155Enumerable.removeTokenEnumeration checks the removal condition wrongly. As a result, the tokens with 0 total supply won't be removed from allTokens array at all. Proof of Concept removeTokenEnumeration checks the removal condition like below when ...