2 matches found
exactInput allows stealing of funds via a malicious pool contract
Lines of code Vulnerability details Impact Users can lose funds during swapping. Proof of Concept The Router contract is a higher level contract that will be used by the majority of the users. The contract implements the exactInput functions that users call to perform multiple swaps in a single...
Manager can drain vault by taking flashloan in unexpected currency
Lines of code Vulnerability details Impact Manager can drain vault Proof of Concept address fromCollateral = vaultsData.vaultCollateralTypevaultId; uint256 rebalanceValue = priceFeed.convertFromfromCollateral, rebalanceAmount; The source of the exploit is that the above lines wrongly assume that...