Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2021/11/24 12:0 a.m.11 views

Inaccurate fees computation

Handle cmichel Vulnerability details The MixinTransfer.shareKey function wants to compute a fee such that time + fee time == timeRemaining timePlusFee: uint fee = getTransferFeekeyOwner, timeShared; uint timePlusFee = timeShared + fee; However, if the time remaining is less than the computed fee...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/24 12:0 a.m.10 views

Approvals not cleared after key transfer

Handle cmichel Vulnerability details The locks implement three different approval types, see onlyKeyManagerOrApproved for an overview: key manager map keyManagerOf single-person approvals map approved. Cleared by clearApproval or setKeyManagerOf operator approvals map managerToOperatorApproved Th...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/24 12:0 a.m.11 views

Key self transfers lead to expiry

Handle cmichel Vulnerability details The MixinTransfer.shareKey function does not disallow transfering the key to oneself, i.e. from == recipient. When doing a self-transfer, the remaining time for oneself should be reduced by the fees, but the keys immediately expire due to explicitly setting th...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/24 12:0 a.m.8 views

MixinTransfer.sol#transferFrom Wrong implementation can potentially allows attackers to reverse transfer and cause fund loss to the users

Handle WatchPug Vulnerability details if toKey.tokenId == 0 toKey.tokenId = tokenId; recordOwnerrecipient, tokenId; // Clear any previous approvals clearApprovaltokenId; if previousExpiration = block.timestamp // The recipient did not have a key, or had a key but it expired. The new expiration is...

6.8AI score
Exploits0
Rows per page
Query Builder