2 matches found
Infinite approval given to DepositTradeHelper contract can be misused by malicious actors
Lines of code Vulnerability details Impact depositAndTrade function in DepositTradeHelper account has infinite approval to spend baseTokens & collateralTokens of user using offChain signatures. However, once swapRouter executes UniV3 swap transaction on line 33, the contract does not give up its...
[WP-H7] Infinite approval to an arbitrary address can be used to steal all the funds from the contract
Lines of code Vulnerability details function startBridgeAnyswapData memory anyswapData internal // Check chain id requireblock.chainid != anyswapData.toChainId, "Cannot bridge to the same network."; address underlyingToken = IAnyswapTokenanyswapData.token.underlying; if underlyingToken ==...