2 matches found
Lack of double step transfer in admin modification in a upgradeable contract is dangerous
Lines of code Vulnerability details Lack of double step transfer in admin modification in a upgradeable contract is dangerous Summary Double step transfer of admin / ownership should be a must in upgradeable contracts Vulnerability Detail Admin is changed with changeAdmin that calls changeAdmin,...
Rug vector for admin of Lender.sol who can max approve all principal tokens for any market without waiting the 3 days to themselves
Lines of code Vulnerability details Impact The admin of Lender.sol is authorized to call the function approve which will grant any address max approval over the principal tokens of a particular market. I assume that this functionality is used to approve the respective redeemer contracts used in...