4 matches found
If frontend == address(0), 10% of the ticket price is not used as intended
Lines of code Vulnerability details Impact The function buyTickets, has no check that frontend is not equal to zero address. This is possible if there was some misconfiguration from the frontend side or a player uses this function directly and does not set any address. In this case, the user...
Upgraded Q -> 2 from #523 [1677626174331]
Judge has assessed an item in Issue 523 as 2 risk. The relevant finding follows: Title Add function for feeRecipient change in MultiRewardEscrow.sol contract Links to affected code Vulnerability details Impact If account feeRecipient would be compromised, or the protocol owner wants from some oth...
Pool.sol: The collectProtocolFees() function can be called by anyone
Lines of code Vulnerability details Impact As specified in the documentation, the collectProtocolFees should be called only by the protocol owner. However, as this is an external function, an attacker is able to call it and to perform the actions inside the function. Proof of Concept The...
Missing access control in NFTFloorOracle::removeFeeder
Lines of code Vulnerability details Proof of Concept THe removeFeeder method is lacking onlyRoleDEFAULTADMINROLE modifier, even though the NatSpec states “Allows owner to remove feeder”. Due to this, now everyone can remove a feeder anytime. Different types of attack can be executed, one of which...