2 matches found
Missing access control in NFTFloorOracle::removeFeeder
Lines of code Vulnerability details Proof of Concept THe removeFeeder method is lacking onlyRoleDEFAULTADMINROLE modifier, even though the NatSpec states “Allows owner to remove feeder”. Due to this, now everyone can remove a feeder anytime. Different types of attack can be executed, one of which...
THE FUNCTION LOGIC OF _REMOVEFEEDER() IS FLAWED
Lines of code Vulnerability details Impact When the admin calls removeFeeder, it will internally call removeFeeder that will have the feeder removed from feeders before getting its UPDATEROLE revoked. In the midst of doing this, the protocol forgets to update index of feederPositionMap belonging ...