5 matches found
ANYONE CAN STEAL ETH THROUGH METHODS IN Payment.sol
Lines of code Vulnerability details Impact In Payment.sol contract, there is no access control on unwrapWETH, sweepToken and refundETH. So anyone can call these method to steal the Eth. Proof of Concept File: src/periphery/Payment.sol function unwrapWETHuint256 amountMinimum, address recipient...
Anyone can withdraw contract funds
Lines of code Vulnerability details Impact There is a critical impact that an attacker could drain the entire eth balance of the contract by calling this refundETH function which lacks a modifier. The funds will go always to the caller of the function. Proof of Concept It is not a complex attack ...
refundETH has no access control and be called repeatedly or Can be Front runned to steal WETH funds from Contract
Lines of code Vulnerability details Impact The function refundETH has no access control and called be called anyone resulting in a loss of WETH funds if address0 is entered as the recipient for removeLiquidity Proof of Concept Consider the scenario if bob calls removeliquidity which returns WETH...
Lack of access control for sweepToken, refundETH, unwrapWETH9 in Router.sol
Lines of code Vulnerability details Impact Lack of access control for sweepToken, refundETH, unwrapWETH9 in Router.sol, any WETH token, ETH and ERC20 sent to Router.sol is lost and claimable to anyone. Proof of Concept the function unwrapWETH9 and sweepToken and refundETH has no access control an...
_depositToBentoBox sometimes uses both ETH and WETH
Handle cmichel Vulnerability details The TridentRouter.depositToBentoBox function only uses the ETH in the contract if it's higher then the desired underlyingAmount addressthis.balance = underlyingAmount. Otherwise, the ETH is ignored and the function uses WETH from the user. Impact Note that the...