5 matches found
Slingshot: Incorrect initial balance fetched for native token in executeTrades()
Handle hickuphh3 Vulnerability details Impact The executioner contract only supports ERC20ERC20 token trades. Native token swaps are supported by either wrapping / unwrapping the ERC20 wrapped native token before / after the trades respectively. When exchanging from the native token, the wrapping...
Trades where toToken is feeOnTransferToken might send user less tokens than finalAmountMin
Handle kenzo Vulnerability details Slingshot's executeTrades checks that the trade result amount to be sent to the user is bigger than finalAmountMin, and after that sends the user the amount. But if the token charges fee on transfer, the final transfer to the user will decrease the amount the us...
Inconsistent balance comparison of nativeToken in executeTrades
Handle kenzo Vulnerability details When toToken == nativeToken, executeTrades compares Executioner's starting nativeToken balance to Executioner's ending wrappedNativeToken balance. Impact Loss of user funds or DOS of executeTrades: if there is extra ETH in Executioner contract, finalOutputAmount...
Admin can abuse grantSlingshot and steal user funds
Handle kenzo Vulnerability details After user has .approved ApprovalHandler, admin can grantSlingshot himself, and then call ApprovalHandler.transferFrom with parameters that will transfer all tokens to himself before the user calls Slingshot's executeTrades. Although this vulnerability requires ...
executeTrades is payable and doesn't use msg.value
Handle pants Vulnerability details The function executeTrades is payable and doesn't use msg.value is payable and doesn't use msg.value. --- The text was updated successfully, but these errors were encountered: All reactions...