Lucene search
+L

4 matches found

code423n4
code423n4
•added 2022/08/03 12:0 a.m.•13 views

Malicious DepositBase may stole dust fund from ReceiverImplementation

Lines of code Vulnerability details Impact Malicious DepositBase may stole dust fund from ReceiverImplementation Proof of Concept // @dev This function is used for delegate by DepositReceiver deployed above // Context: msg.sender == AxelarDepositService, this == DepositReceiver function...

6.8AI score
Exploits0
code423n4
code423n4
•added 2022/08/03 12:0 a.m.•13 views

Approve will fail

Lines of code Vulnerability details Impact Multiple ERC20 tokens require zero address approval before approving the required amount. The contract seems to be missing this. Proof of Concept 1. Observe the receiveAndSendNative function at ReceiverImplementation.sol...

6.9AI score
Exploits0
code423n4
code423n4
•added 2022/08/03 12:0 a.m.•13 views

Use safetransfer/safetransferFrom consistently instead of transfer/transferFrom

Lines of code Vulnerability details Impact Its a good to add require statement to checks the return value of token transfer or using safetransfer or safetransferFrom on Openzeppelin to ensure the token revert when transfer failure. Failure to do so will cause silent failures of transfer and affec...

6.8AI score
Exploits0
code423n4
code423n4
•added 2022/08/01 12:0 a.m.•12 views

Attacker can steal all the wrapped tokens, ether or native currency contained in the ReceiverImplementation contract

Lines of code Vulnerability details Impact since all the functions in the ReceiverImplemention are all designed to be called by DepositBase and AxelarDepositService, why not create a simple modifer to check if msg.sender equals either of the two when a delegatecall or call occurs, like so modifie...

7AI score
Exploits0
Rows per page
Query Builder