[WP-H0] Fake balances can be created for not-yet-existing ERC20 tokens, which allows attackers to set traps to steal funds from future users
Lines of code Vulnerability details function createVault uint256 tokenIdOrAmount, address token, ... external returns uint256 vaultId ... Vault memory vault = Vault ... ; // vault index should always be odd vaultIndex += 2; vaultId = vaultIndex; vaultsvaultId = vault; // give msg.sender vault tok...