4 matches found
Permits may be reused after token upgrade
Lines of code Vulnerability details Impact The StandardizedToken contract inherits the ERC20Permit contract which in the case of an upgradable/proxied Token would allow permits for a previous version of the Token to be used on any subsequent version of it. NOTE that ERC20Permit is not explicitly ...
ERC20Permit should include chainId and address to avoid replay attacks
Lines of code Vulnerability details Impact This ensures a signature is only used for our given token contract address on the correct chain id. The chain id was introduced to exactly identify a network after the Ethereum Classic fork which continued to use a network id of 1. Include the chainId to...
lockWithPermit() function allows for replay attacks and signature malleability
Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the lockWithPermit function calls permit on the XDEFI token. The problem with simply using permit alone for this is the message that is signed by the owner using the ECDSA algorithm. The message only contains the receiver...
Usage of an incorrect version of ERC20Permit contract can give unknown token with 0 decimals after upgrade.
Handle Jujic Vulnerability details Impact Based on the context and comments in the code, the Malt.sol contract is designed to be deployed as an upgradeable proxy contract. In Solidity, code that is inside a constructor or part of a global variable declaration is not part of a deployed contract’s...