4 matches found
Malicious DepositBase may stole dust fund from ReceiverImplementation
Lines of code Vulnerability details Impact Malicious DepositBase may stole dust fund from ReceiverImplementation Proof of Concept // @dev This function is used for delegate by DepositReceiver deployed above // Context: msg.sender == AxelarDepositService, this == DepositReceiver function...
Approve will fail
Lines of code Vulnerability details Impact Multiple ERC20 tokens require zero address approval before approving the required amount. The contract seems to be missing this. Proof of Concept 1. Observe the receiveAndSendNative function at ReceiverImplementation.sol...
Use safetransfer/safetransferFrom consistently instead of transfer/transferFrom
Lines of code Vulnerability details Impact Its a good to add require statement to checks the return value of token transfer or using safetransfer or safetransferFrom on Openzeppelin to ensure the token revert when transfer failure. Failure to do so will cause silent failures of transfer and affec...
Attacker can steal all the wrapped tokens, ether or native currency contained in the ReceiverImplementation contract
Lines of code Vulnerability details Impact since all the functions in the ReceiverImplemention are all designed to be called by DepositBase and AxelarDepositService, why not create a simple modifer to check if msg.sender equals either of the two when a delegatecall or call occurs, like so modifie...