3 matches found
Improper design/implementation of SingleTokenJoinV2#joinTokenSingle() make it prone to fail
Handle WatchPug Vulnerability details for uint256 i; i bs.tokens.length; i++ IERC20 token = bs.tokensi; uint256 tokenAmount = balanceaddresstoken.mulamount.addfeeAmount.div totalSupply ; requiretokenAmount != 0, "AMOUNTTOOSMALL"; token.safeTransferFrommsg.sender, addressthis, tokenAmount; // If...
Attacker can break joinTokenSingle() by transferring basketToken to the contract
Handle WatchPug Vulnerability details uint256 outputAmount = outputToken.balanceOfaddressthis; require outputAmount == joinTokenStruct.outputAmount, "FAILEDOUTPUTAMOUNT" ; In the current implementation, joinTokenSingle requires balanceOf outputToken strictly equal to outputAmount in calldata...
Unused ERC20 tokens are not refunded, and can be stolen by attacker
Handle WatchPug Vulnerability details Under certain circumstances, e.g. annualizedFee being minted to feeBeneficiary between the time user sent the transaction and the transaction being packed into the block and causing amounts of underlying tokens for each basketToken to decrease. It's possible ...