4 matches found
Inaccurate fees computation
Handle cmichel Vulnerability details The MixinTransfer.shareKey function wants to compute a fee such that time + fee time == timeRemaining timePlusFee: uint fee = getTransferFeekeyOwner, timeShared; uint timePlusFee = timeShared + fee; However, if the time remaining is less than the computed fee...
Approvals not cleared after key transfer
Handle cmichel Vulnerability details The locks implement three different approval types, see onlyKeyManagerOrApproved for an overview: key manager map keyManagerOf single-person approvals map approved. Cleared by clearApproval or setKeyManagerOf operator approvals map managerToOperatorApproved Th...
Key self transfers lead to expiry
Handle cmichel Vulnerability details The MixinTransfer.shareKey function does not disallow transfering the key to oneself, i.e. from == recipient. When doing a self-transfer, the remaining time for oneself should be reduced by the fees, but the keys immediately expire due to explicitly setting th...
MixinTransfer.sol#transferFrom Wrong implementation can potentially allows attackers to reverse transfer and cause fund loss to the users
Handle WatchPug Vulnerability details if toKey.tokenId == 0 toKey.tokenId = tokenId; recordOwnerrecipient, tokenId; // Clear any previous approvals clearApprovaltokenId; if previousExpiration = block.timestamp // The recipient did not have a key, or had a key but it expired. The new expiration is...