Lucene search
+L

6 matches found

Code423n4
Code423n4
added 2022/02/12 12:0 a.m.13 views

NestedFactory: User can utilise accidentally sent ETH funds via processOutputOrders() / processInputAndOutputOrders()

Lines of code Vulnerability details Impact Should a user accidentally send ETH to the NestedFactory, anyone can utilise it to their own benefit by calling processOutputOrders / processInputAndOutputOrders. This is possible because: 1. receive has no restriction on the sender 2. processOutputOrder...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/12 12:0 a.m.9 views

NestedFactory does not track operators properly

Lines of code Vulnerability details NestedFactory extends the MixinOperatorResolver contract which comes from the synthetix/MixinResolver.sol code base where the expectation is that isResolverCached returns false until rebuildCache is called and the cache is fully up to date. Due to a medium issu...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/10 12:0 a.m.10 views

Wrong rebuild cache logic

Lines of code Vulnerability details Impact Currently, many core operations like NestedFactory.create, NestedFactory.swapTokenForTokens are dependent on the assumption that the cache is well synced before these functions are executed however this may not necessarily be the case. Proof of Concept T...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/11/17 12:0 a.m.10 views

Ensure on-chain that cache is synced

Handle GreyArt Vulnerability details Impact Currently, many core operations like NestedFactory.create, NestedFactory.swapTokenForTokens are dependent on the assumption that the cache is synced before these functions are executed however this may not necessarily be the case. Proof of Concept 1...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/17 12:0 a.m.7 views

NestedFactory: Ensure zero msg.value if transferring from user and inputToken is not ETH

Handle GreyArt Vulnerability details Impact A user that mistakenly calls either create or addToken with WETH or another ERC20 as the input token, but includes native ETH with the function call will have his native ETH permanently locked in the contract. Recommended Mitigation Steps It is best to...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/13 12:0 a.m.7 views

Copy your own portfolio to keep earning royalties

Handle jayjonah8 Vulnerability details Impact In NestedFactory.sol going through the create function which leads to the sendFeesWithRoyalties = addShares function, Im not seeing any checks preventing someone from copying their own portfolio and receiving royalty shares for it and simply repeating...

7.1AI score
Exploits0
Rows per page
Query Builder