2 matches found
outputBasket address not checked in EthSingleTokenJoin.sol
Handle jayjonah8 Vulnerability details Impact In the joinToKenEth function in EthSingleTokenJoin.sol, the outputBasket within the passed in data is not checked and could be an attacker controlled address returning any thing it wants in fake versions of calcTokensForAmount and joinPool functions...
In SingleTokenJoinV2.sol, a user can provide malicious input
Handle jayjonah8 Vulnerability details Impact In SingleTokenJoinV2.sol, a user can provide malicious input to the joinTokenSingle function providing an attacker controlled inputToken and an attacker controlled outputBasket. This fake outputBasket can return anything it wants from a fake joinPool...