3 matches found
No use of upgradeable SafeERC20 contract in Controller.sol
Lines of code Vulnerability details Impact Controller.sol makes use of Open Zeppelins ReentrancyGuardUpgradeable.sol in the file but does not use an upgradeable version of SafeERC20.sol Proof of Concept Tools Used Manual code review Recommended Mitigation Steps Make use of Open Zeppelins...
constructor function used with upgradeable contracts
Lines of code Vulnerability details Impact In FETH.sol it uses Open Zeppelin upgradeable contracts in the file while also including a constructor function. Upgradeable contracts should have an initialize function instead of a constructor in order not the clash with one another. Proof of Concept...
lockWithPermit() function allows for replay attacks and signature malleability
Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the lockWithPermit function calls permit on the XDEFI token. The problem with simply using permit alone for this is the message that is signed by the owner using the ECDSA algorithm. The message only contains the receiver...