In the BaseTOFT, removeCollateral(), any marketHelper can be specified, allowing all the ETH to be stolen from a mTapiocaOFT with ETH as erc
Lines of code Vulnerability details Impact All the ETH in mTapiocaOFT can be stolen, which is relevant when the underlying asset erc is ETH. Proof of Concept mTapiocaOFT allows removing collateral from Singularity through a cross chain call, but the address of the MarketHelper is not validated. T...