2 matches found
ADMIN CAN CHANGE THE GSCAllowance BEFORE THE COOL DOWN PERIOD HAS PASSED
Lines of code Vulnerability details Impact The ArcadeTreasury.setGSCAllowance is used to set the GSC allowance for a token. This function is only callable by the contract admin. Even though this function is controlled by the admin, there is an additional restriction implemented, in the form of a...
Malicious proposal can drain the treasury contract and bypass the gscAllowance[token] check
Lines of code Vulnerability details Impact Malicious proposal can drain the treasury contract and bypass the gscAllowancetoken check Proof of Concept See this two function: function gscSpend address token, uint256 amount, address destination external onlyRoleGSCCOREVOTINGROLE nonReentrant if...