2 matches found
NameWrapper._transferAndBurnFuses() allows reentrancy on onERC1155Received callback
Lines of code Vulnerability details Impact When calling the internal function transferAndBurnFuses in NameWrapper.setSubnodeOwner or NameWrapper.setSubnodeRecord , ERC1155Fuse.transfer is called before setFuses which creates a reentrancy opportunity when newOwner is a contract, which may allow a...
NameWrapper: parent can bypass PARENT_CANNOT_CONTROL
Lines of code Vulnerability details Impact HIGH - bypassing PARENTCANNOTCONTROL fuse As discussed in the discord, bypassing fuse is considered high, thus it is reported as high impact Conditions for the parent for this exploit: should be able to unwrap: no CANNOTUNWRAP fuse on the parent node...