6 matches found
NestedFactory: User can utilise accidentally sent ETH funds via processOutputOrders() / processInputAndOutputOrders()
Lines of code Vulnerability details Impact Should a user accidentally send ETH to the NestedFactory, anyone can utilise it to their own benefit by calling processOutputOrders / processInputAndOutputOrders. This is possible because: 1. receive has no restriction on the sender 2. processOutputOrder...
NestedFactory does not track operators properly
Lines of code Vulnerability details NestedFactory extends the MixinOperatorResolver contract which comes from the synthetix/MixinResolver.sol code base where the expectation is that isResolverCached returns false until rebuildCache is called and the cache is fully up to date. Due to a medium issu...
Wrong rebuild cache logic
Lines of code Vulnerability details Impact Currently, many core operations like NestedFactory.create, NestedFactory.swapTokenForTokens are dependent on the assumption that the cache is well synced before these functions are executed however this may not necessarily be the case. Proof of Concept T...
Ensure on-chain that cache is synced
Handle GreyArt Vulnerability details Impact Currently, many core operations like NestedFactory.create, NestedFactory.swapTokenForTokens are dependent on the assumption that the cache is synced before these functions are executed however this may not necessarily be the case. Proof of Concept 1...
NestedFactory: Ensure zero msg.value if transferring from user and inputToken is not ETH
Handle GreyArt Vulnerability details Impact A user that mistakenly calls either create or addToken with WETH or another ERC20 as the input token, but includes native ETH with the function call will have his native ETH permanently locked in the contract. Recommended Mitigation Steps It is best to...
Copy your own portfolio to keep earning royalties
Handle jayjonah8 Vulnerability details Impact In NestedFactory.sol going through the create function which leads to the sendFeesWithRoyalties = addShares function, Im not seeing any checks preventing someone from copying their own portfolio and receiving royalty shares for it and simply repeating...