2 matches found
Arbitrary contract call allows attackers to steal ERC20 from users' wallets
Handle WatchPug Vulnerability details function fillZrxQuote IERC20 zrxBuyTokenAddress, address payable zrxTo, bytes calldata zrxData, uint256 ethAmount internal returns uint256, uint256 uint256 originalERC20Balance = 0; if!signifiesETHOrZeroaddresszrxBuyTokenAddress originalERC20Balance =...
Arbitrary Logic Enables ERC20 Theft
Handle ElliotFriedman Vulnerability details Severe Issue: ERC20 Token Theft Using Arbitrary Logic There are 2 ways that this bug can be used to drain funds from the bridge. Both are catastrophic and result in total loss of funds. The 1st method is horrible, the second method is diabolical as it c...