4 matches found
SimpleERC20Escrow's initialize() can be frontrun
Lines of code Vulnerability details Impact The user's collateral is not held in the market contract but is instead held in individual escrows. Every user has a unique escrow for every market. And the escrow contracts are created via the Market contract's createEscrow function. And it's initialize...
Index Minting and Redemption Can Be Frontrun
Lines of code Vulnerability details Impact According to the provided source code, the user must transfer the underlying asset to the contract prior to calling mint or the index token before to calling burn. If these two actions are performed on the difference block, it introduces the risk that...
Users Can Frontrun revoke() By Calling vest()
Handle leastwood Vulnerability details Impact The onlyOwner role typically calls revoke if a member leaves the BootFinance team, resulting in vested tokens being transferred to the multisig account. Each vesting account has a revocable state variable that is set to either true or false. As any us...
Harvest can be frontrun
Handle 0xsanson Vulnerability details Impact In the NativeStrategyCurve3Crv.harvest there are two instances that a bad actor could use to frontrun the harvest. First, when we are swapping WETH to a stablecoin by calling swapTokensweth, stableCoin, remainingWeth, 1 the function isn't checking the...