3 matches found
Any permission can be used to execute any code in MimoProxy
Lines of code Vulnerability details Impact If a permission is given in MimoProxy to any function, it can then be abused to whitelist any other msg.sender/function by modifying the permissions mapping. There is a check that the owner was not modified, but no check on permissions which makes sense...
[WP-H29] Vault#setController() owner of the Vault contracts can drain funds from the Vault
Handle WatchPug Vulnerability details function setControlleraddress controller public override onlyOwner requirecontroller != address0, "ERRORZEROADDRESS"; if addresscontroller != address0 controller.migrateaddresscontroller; controller = IControllercontroller; else controller =...
setYieldSource leads to temporary wrong results
Handle gpersoon Vulnerability details Impact The use of setYieldSource leaves the contract in a temporary inconsistent state because it changes the underlying yield source, but doesn't yet transfer the underlying balances, while the shares stay the same. The function balanceOfToken will show the...