5 matches found
rescueETH function doesn't works as expected
Lines of code Vulnerability details Impact The rescueETH function is implemented to collect any unexpected ETH transferred to the infinityExchange.sol contract, But this function will not work as expected. The function is supposed to return the eth from the contract to the specified destination...
rescueEth does not transfer ether in contract
Lines of code Vulnerability details Impact The InfinityStakerrescueETH and InfinityExchangerescueETH payable functions sends msg.value to the destination and not the ether in the contract, so the fees and accidentally transferred ether is not sent to the destination address Proof of Concept...
User can accidentally permanently freeze the staked funds
Lines of code Vulnerability details User facing changeDuration function allows for setting any newDuration of a stake. However, only THREEMONTHS, SIXMONTHS and TWELVEMONTHS durations are visible to the system in all the subsequent logic. If a user accidentally sets any other duration, the...
ETH funds accidentally sent to InfinityStaker cannot be retrieved
Lines of code Vulnerability details rescueETH function that aims to retrieve mistakenly sent funds cannot reach contract balance, only sending over the Ether value attached to the current call instead. Setting the severity to medium as the case is a violation of system's auxiliary logic. Also, an...
Accidental ETH transfers to InfinityStaker cannot be withdrawn
Lines of code Vulnerability details The rescueETH function is meant to allow the contract owner to withdraw ETH accidentally sent to the contract. However, it will forward the exact ETH amount sent by the caller to the given destination address, rather than withdraw ETH from the contract balance:...