2 matches found
Upgraded Q -> 2 from #653 [1675442664703]
Judge has assessed an item in Issue 653 as 2 risk. The relevant finding follows: 1. Funds are locked if Rialto use function finishFailedMinipoolByMultisig Detail Function finishFailedMinipoolByMultisig did not transfer any funds or doing any data change, only updating state of minipool to Finishe...
Funds of Node Operators can be nullified by any attacker
Lines of code Vulnerability details Impact The MinipoolManager.createMinipool function do not validate the caller's address due to which any address can invoke the createMinipool function with any nodeID existing or new as input. For any existing nodeID the function can be invoked as long as the...