4 matches found
Solmate's SafeTransferLib won't check if token has code, which can affect transfers in SizeSealed
Lines of code Vulnerability details Impact Not checking for token existence is a know issue for Solmate. This can cause unexpected contract functionality for transfers implemented in SizeSealed. Note that this might not be a problem for baseToken due to the check implemented in L103. However, thi...
Bid can be cancelled after being finalized
Lines of code Vulnerability details Impact The SizeSealed contract's cancelBid function can be called after auction has been finalized, thereby allowing the bidder to withdraw their quoteToken after bid is finalized This is possible by bypassing the if a.data.lowestQuote != typeuint128.max ||...
Quotetoken can be address(0) or any EOA and still allow auctions and bids to be created
Lines of code Vulnerability details Impact createAuction in SizeSealed.sol performs no validation of the auction parameters AuctionParameters sent to it and will allow a Seller to create an auction with an ERC20 quoteToken of address0 putting at risk the baseToken that has real value. In addition...
[WP-H2] Transferring quoteToken to the exchange pool contract will cause future liquidity providers to lose funds
Handle WatchPug Vulnerability details In the current implementation, the amount of LP tokens to be minted when addLiquidity is calculated based on the ratio between the amount of newly added quoteToken and the current wallet balance of quoteToken in the Exchange contract. However, since anyone ca...