2 matches found
Drain of funds by reentrancy in OpenLevV1.addMarket
Handle 0x1f8b Vulnerability details Impact It's possible to create a market, create trades, create a new market with different values, and preserve the previous trades pointing to the new tokens. Proof of Concept The method addMarket inside the contract OpenLevV1Lib increase the marketId numPairs...
OpenLevV1Lib's and LPool's doTransferOut functions call native payable.transfer, which can be unusable for smart contract calls
Handle hyh Vulnerability details Impact When OpenLev operations use a wrapped native token, the whole user withdraw is being handled with a payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the user is a smart contract. This way any programmatical usage...