3 matches found
Ether can be locked in the PoolFactory contract without a way to retrieve it
Handle broccolirob Vulnerability details If a borrower calls the createPool function with a non-zero value, but also includes an ERC20 token address for collateralToken, then the Ether value sent will be locked in the PoolFactory contract forever. createPool L260-317 In the createPool function, a...
Unbounded iteration in curatedPoolCount
Handle cmichel Vulnerability details The PoolFactory.curatedPoolCount iterates over all arrayPools. Anyone can push to this array by creating a pool making this attack easy to execute for an attacker. Impact The transactions can fail if the arrays get too big and the transaction would consume mor...
Contract Factory Replace
Handle 0xsomeone Vulnerability details Impact The PoolFactory contract is utilizing the create2 OPCODE via syntactic sugar to deploy a new Pool instance, however, no sanitization occurs on the inputs allowing contracts and thereby ownerships to be replaced at will. Proof of Concept If the...