Lucene search
+L

4 matches found

Code423n4
Code423n4
•added 2023/10/25 12:0 a.m.•11 views

When Creating a Safe Via ODSafeManager::openSAFE, the User Proxy Is Wrongly Set As the Safe Owner

Lines of code Vulnerability details Impact We can observe from Vault721::mint function that the input usr in ODSafeManager::openSAFE function needs to be a previously built proxy of the user address. function mintaddress proxy, uint256 safeId external requiremsg.sender == addresssafeManager, 'V72...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/07 12:0 a.m.•7 views

ProxyFactory can circumvent ProxyRegistry

Lines of code Vulnerability details Impact The deployFor function in MIMOProxyFactory.sol can be called directly instead of being called within MIMOProxyRegistry.sol. This results in the ability to create many MIMOProxies that are not registered within the registry. The proxies deployed directly...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/06 12:0 a.m.•13 views

Ownership transfer not correctly handled for flash loans

Lines of code Vulnerability details Impact In response to a flashloan, proxyRegistry.getCurrentProxyowner is used to retrieve the correct user proxy and check that this proxy has initiated the flash loan. This can be problematic after ownership transfers of the proxy, where...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/06 12:0 a.m.•10 views

Automation / management can be set for not yet existing vault

Lines of code Vulnerability details Impact & Proof Of Concept vaultOwner returns zero for a non-existing vaultId. Similarly, proxyRegistry.getCurrentProxymsg.sender returns zero when msg.sender has not deployed a proxy yet. Those two facts can be combined to set automation for a vault ID that doe...

6.7AI score
Exploits0
Rows per page
Query Builder