3 matches found
[M-01] Public Vault cannot be reactivated after Shutdown.
Lines of code Vulnerability details Impact If the strategist who created the vault is compromised/hacked or accidentally/intentionally shutdown the vault by call shutdown the public vault cannot be resumed. There is no function that sets isShutdown = false. Unintentional shutdown of a large publi...
LienToken.transferFrom There is a possibility of malicious attack
Lines of code Vulnerability details Impact Corrupt multiple key properties of public vault, causing vault not to function properly Proof of Concept When LienToken.makePayment/buyoutLien/payDebtViaClearingHouse If it corresponds to PublicVault, it will make multiple changes to the vault, such as:...
[M-02] Strategist has full control over Public Vault it can be risky for depositors
Lines of code Vulnerability details Impact The strategist has full control over all key functions. If the strategist is compromised or hacked he will be able to manipulate the vault. For example, increase the depositCap modifyDepositCapuint256 newCap, add a depositor to the whitelist...