2 matches found
msg.sender lending pool and initiator can be forged in executeOperationin MImoLeverage
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. the function signature is function executeOperation address calldata assets, uint256 calldata amounts, uint256 calldata premiums, address initiator, bytes calldata params external override returns bool...
Attacker can empty vaults
Lines of code Vulnerability details Impact Both MIMOEmptyVault and MIMOLeverage contracts share same signature/definition, an attacker can gain control of EmptyVault contract, issue a flash loan, and empty the vaults. Proof of Concept See the test below. In below test, EmptyVault contract is...