2 matches found
Upgraded Q -> M from #229 [1674661320954]
Judge has assessed an item in Issue 229 as M risk. The relevant finding follows: Centralization Risk Contract: Impact: It seems the poolAdmin holds too much power including changing reward controller, rescue tokens etc. This can allow poolAdmin to impact all users by changing the config or draini...
PoolAdmin can steal NFT from NTokens
Lines of code Vulnerability details Impact The executeAirdrop function allow pool admin to execute arbitrary call to arbitrary contract, including a transferFrom call to the underlying NFT contract. This can be used by the pool admin to steal NFT inside the NToken contracts. Since the rescueERC72...