2 matches found
Arbitrary transfers following approvals can lead to loss of funds/NFTS
Lines of code Vulnerability details Impact These three transfer functions allow an attacker to supply an arbitrary from and to to transfer ERC20s, ERC721s, and ERC1155s. The moment that a user sets approval for the contract to spend their tokens, an attacker can front-run the next call and steal...
Create a short call order with non empty floor makes the option impossible to exercise and withdraw
Lines of code Vulnerability details Impact HIGH - assets can be lost If a short call order is created with non empty floorTokens array, the taker cannot exercise. Also, the maker cannot withdraw after the expiration. The maker will still get premium when the order is filled. If the non empty...