Lucene search
+L

5 matches found

Code423n4
Code423n4
added 2021/11/01 12:0 a.m.9 views

Slingshot: Incorrect initial balance fetched for native token in executeTrades()

Handle hickuphh3 Vulnerability details Impact The executioner contract only supports ERC20ERC20 token trades. Native token swaps are supported by either wrapping / unwrapping the ERC20 wrapped native token before / after the trades respectively. When exchanging from the native token, the wrapping...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/01 12:0 a.m.13 views

Trades where toToken is feeOnTransferToken might send user less tokens than finalAmountMin

Handle kenzo Vulnerability details Slingshot's executeTrades checks that the trade result amount to be sent to the user is bigger than finalAmountMin, and after that sends the user the amount. But if the token charges fee on transfer, the final transfer to the user will decrease the amount the us...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/01 12:0 a.m.8 views

Inconsistent balance comparison of nativeToken in executeTrades

Handle kenzo Vulnerability details When toToken == nativeToken, executeTrades compares Executioner's starting nativeToken balance to Executioner's ending wrappedNativeToken balance. Impact Loss of user funds or DOS of executeTrades: if there is extra ETH in Executioner contract, finalOutputAmount...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/01 12:0 a.m.13 views

Admin can abuse grantSlingshot and steal user funds

Handle kenzo Vulnerability details After user has .approved ApprovalHandler, admin can grantSlingshot himself, and then call ApprovalHandler.transferFrom with parameters that will transfer all tokens to himself before the user calls Slingshot's executeTrades. Although this vulnerability requires ...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/10/30 12:0 a.m.8 views

executeTrades is payable and doesn't use msg.value

Handle pants Vulnerability details The function executeTrades is payable and doesn't use msg.value is payable and doesn't use msg.value. --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Rows per page
Query Builder