4 matches found
Missing gas fee limit
Lines of code Vulnerability details The use of .callvalue: balance"" does not limit the gas sent along with the Ether, potentially allowing all gas in the transaction to be used by the receiver. // Set a specific gas limit for the call if applicable uint256 gasLimit = someGasLimit; // Define...
Upgraded Q -> M from #215 [1668468272191]
Judge has assessed an item in Issue 215 as M risk. The relevant finding follows: 7. No max fee is set on setFlashLoanFee function There is no max fee set. This allows a malicious owner to set a very high amount of flashloan fee , which allows the malicious admin to grief other users. He can also...
Admin can set arbitrarily high exchange fees
Lines of code Vulnerability details Impact Admins can attack users by frontrunning them Poc In the function setProtocolFeeInfinityExchange.sol function setProtocolFeeuint16 protocolFeeBps external onlyOwner PROTOCOLFEEBPS = protocolFeeBps;@audit medium emit NewProtocolFeeprotocolFeeBps; Admins ca...
NO TIMELOCK ON setProtocolFee() CAN LEAD TO SELLERS LOSING THEIR NFTs
Lines of code Vulnerability details NO TIMELOCK ON setProtocolFee CAN LEAD TO SELLERS LOSING THEIR NFTs In InfinityExchange.sol, there is no timelock on setProtocolFee. This is the fee that is applied in orders, and determines how much the Exchange receives in fee VS how much the seller receives...