3 matches found
A malicious contract could steal assets via a flash loan
Lines of code Vulnerability details Impact A malicious contract could fail to return the assets, essentially stealing the Proof of Concept The key vulnerability is in the flashloan function. It transfers the assets to the receiver contract specified in info.receiver without any checks. Then it...
Potential race condition when claiming prize
Lines of code Vulnerability details Impact To determine whether a caller has won the raffle, the hasUserWon function of the VRFNFTRandomDraw contract queries the ownerOf function of the drawingToken contract, passing the currentChosenTokenId as argument. In essence, the function is only checking...
[Pool] - Flash loan + Synth.realise allows anyone to extract value from LPs
Handle adelamo Vulnerability details Impact On Synth.sol, we have the method realise that checks if the LP value is higher than the Synth value. If confirmed, it will burn the premium LP. Using a flash loan, we can add liquidity to the pool, mint some LP tokens. Then, call realise using the pool...