2 matches found
Attacker can drain pool using executeBuyWithCredit with malicious marketplace payload.
Lines of code Vulnerability details Description Paraspace supports leveraged purchases of NFTs through PoolMarketplace entry points. User calls buyWithCredit with marketplace, calldata to be sent to marketplace, and how many tokens to borrow. function buyWithCredit bytes32 marketplaceId, bytes...
double user token spending in function executeBuyWithCredit() contract transfer user wETH fund for wETH orders even when user send payment as ETH to contract and contract converted it to wETH (_depositETH() and _delegateToPool() takes user funds when user sends ETH and tries to buy WETH order)
Lines of code Vulnerability details Impact when user wants to buy NFT tokens with wETH asset, and he/she sent ETH to executeBuyWithCredit or executeBatchBuyWithCredit, code would take user tokens two times, one as ETH token in depositETH and one as wETH tokens in delegateToPool so users would pay...