4 matches found
Creator of pie can mint any amount of _initialSupply, and drain underlying tokens via exitPool
Handle hubble Vulnerability details Impact The Creator of pie or msg.sender of bakePie in PieFactoryContract, can set any high value of initialSupply and get the ERC20 tokens minted. There is no relation to the intialSupply and the amount of underlying Tokens added to the Pie during the bakePie...
Improper design/implementation of SingleTokenJoinV2#joinTokenSingle() make it prone to fail
Handle WatchPug Vulnerability details for uint256 i; i bs.tokens.length; i++ IERC20 token = bs.tokensi; uint256 tokenAmount = balanceaddresstoken.mulamount.addfeeAmount.div totalSupply ; requiretokenAmount != 0, "AMOUNTTOOSMALL"; token.safeTransferFrommsg.sender, addressthis, tokenAmount; // If...
Unused ERC20 tokens are not refunded, and can be stolen by attacker
Handle WatchPug Vulnerability details Under certain circumstances, e.g. annualizedFee being minted to feeBeneficiary between the time user sent the transaction and the transaction being packed into the block and causing amounts of underlying tokens for each basketToken to decrease. It's possible ...
setLock() function has no validation on the _lock number
Handle jayjonah8 Vulnerability details Impact In BasketFacet.sol, the setLock function allows the privileged caller to change the lockBlock number in storage without validating the lock arg number passed into it. This number is extremely important since if getLock returns true, it means the pool ...