2 matches found
A malicious manager could revoke grants early and steal unvested tokens.
Lines of code Vulnerability details Impact A malicious manager can: Revoke a grant before its expiration. Take all tokens not yet vested/withdrawn based on the vesting schedule. Deprive the grant owner of tokens they should have later received if vesting continued. Proof of Concept A The...
A Malicious Treasury Manager Can Burn Treasury Tokens By Setting makerFee To The Amount The Maker Receives
Handle leastwood Vulnerability details Impact The treasury manager contract holds harvested assets/COMP from Notional which are used to perform NOTE buybacks or in other areas of the protocol. The manager account is allowed to sign off-chain orders used on 0x to exchange tokens to WETH which can...