4 matches found
Direct theft of buyers ETH funds.
Lines of code Vulnerability details Impact Most severe issue: A Seller or Fee recipient can steal ETH funds from the buyer when he is making a single or bulk execution. Direct theft of funds. Additional impacts that can be caused by these bugs: 1. Seller or Fee recipient can cause next in line...
Risk of ETH funds Rug Pull in the moveWithheldETH and recoverEther functions
Lines of code Vulnerability details Impact In the frxETHMinter contract both the owner and governance timelock have the power to call the functions moveWithheldETH and recoverEther, those functions allow the transfer of the ETH from frxETHMinter to the owner or a given account, this means that th...
ETH funds accidentally sent to InfinityStaker cannot be retrieved
Lines of code Vulnerability details rescueETH function that aims to retrieve mistakenly sent funds cannot reach contract balance, only sending over the Ether value attached to the current call instead. Setting the severity to medium as the case is a violation of system's auxiliary logic. Also, an...
NestedFactory: User can utilise accidentally sent ETH funds via processOutputOrders() / processInputAndOutputOrders()
Lines of code Vulnerability details Impact Should a user accidentally send ETH to the NestedFactory, anyone can utilise it to their own benefit by calling processOutputOrders / processInputAndOutputOrders. This is possible because: 1. receive has no restriction on the sender 2. processOutputOrder...