3 matches found
More than 1 zero address token in burnToTarget may lead to draining of FeeBurner.sol
Lines of code FeeBurner.solL43-L88 Vulnerability details Impact The burnToTarget function in FeeBurner.sol allows any array of tokens to be used. If the tokens array contains more than 1 zero address, the swapAll function for the swapperRouter will be called more than once with the same msg.value...
Able to get LP tokens without spending any funds in FeeBurner.sol
Lines of code FeeBurner.solL43-L88 Vulnerability details Impact In the burnToTarget function, if the tokens array has only a zero address token and msg.value is 0 then FeeBurner.sol would still call the swapAll function and use all WETH held in the contract. If the contract has any WETH, the call...
Stealing Deposited LP Token Balance of the Contract!
Lines of code Vulnerability details Impact The FeeBurner.sol has burnToTarget which was vulnerable to Stealing of LPToken Balance Anyone could transfer LP tokens to them! Proof of Concept 1. The targetLpTokenBalance is calculated by depositing with the Underlying token and target pool. 2. The...