3 matches found
Fee can be transferred to the zero address while subprotocol registeration
Lines of code Vulnerability details Impact Everytime user register a new subprotocol to the registry contract, the registry contract transfer the fee to the cidFeeWallet from the registrar. There is missing vaildation that the transfer should not goes to zero address. If no address has been set f...
The transferFeesFrom function does not check if the "from" address is the actual owner of the position before transferring the fees.
Lines of code Vulnerability details Impact The code Doesn't check if the from address is the owner of the position before transferring the fees. If the from address is not the owner of the position, an attacker could potentially transfer fees from another user's position without their permission...
Tokens with fee on transfer are not supported
Lines of code Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, sendToCosmos assumes that the received amount is the same as the transfer amount, and uses it to emit SendToCosmosEvent event. As a result, when bridging t...