2 matches found
New owner of user proxy can prevent old owner from using the system
Lines of code Vulnerability details Impact In deployFor, owner is called if there is already an entry for the provided address. This can be exploited by a sophisticated attacker to make the system completely unusable for a user. Proof Of Concept Alice transfers her proxy to Bob through...
Old owner can still set automation / management for vaults after ownership transfer
Lines of code Vulnerability details Impact When the ownership of a user proxy is transferred, proxyRegistry.getCurrentProxy does not reflect this and still returns the proxy for the previous owner. This can be exploited in the access check of setAutomation. Because setManagement has the same chec...