7 matches found
Upgraded Q -> H from 187 [1657760940788]
Judge has assessed an item in Issue 187 as High risk. The relevant finding follows: 1. rescueETH cannot rescue Ether rescueETH sends msg.value to the destination address, which means it requires the caller of rescueETH to provide the Ether to send. Essentially the owner is directly paying the...
Accumulated ETH fees of InfinityExchange cannot be retrieved
Lines of code Vulnerability details ETH fees accumulated from takeOrders and takeMultipleOneOrders operations are permanently frozen within the contract as there is only one way designed to retrieve them, a rescueETH function, and it will work as intended, not being able to access ETH balance of...
rescueETH function doesn't works as expected
Lines of code Vulnerability details Impact The rescueETH function is implemented to collect any unexpected ETH transferred to the infinityExchange.sol contract, But this function will not work as expected. The function is supposed to return the eth from the contract to the specified destination...
Rescue ETH at InfinityStaker.sol is incorrectly implemented
Lines of code Vulnerability details Impact Admins are unable to recover any ETH locked in the contract PoC The function rescueETHInfinityStaker.sol is incorrectly implemented. It is using msg.value instead of the balance of the contract /// @dev Admin function to rescue any ETH accidentally sent ...
ETH funds accidentally sent to InfinityStaker cannot be retrieved
Lines of code Vulnerability details rescueETH function that aims to retrieve mistakenly sent funds cannot reach contract balance, only sending over the Ether value attached to the current call instead. Setting the severity to medium as the case is a violation of system's auxiliary logic. Also, an...
Wrong implementation of rescueETH, causing the fees in native tokens to be frozen in the contract
Lines of code Vulnerability details /// @dev used for rescuing exchange fees paid to the contract in ETH function rescueETHaddress destination external payable onlyOwner bool sent, = destination.callvalue: msg.value''; requiresent, 'failed'; Recommendation Change to: /// @dev used for rescuing...
Accidental ETH transfers to InfinityStaker cannot be withdrawn
Lines of code Vulnerability details The rescueETH function is meant to allow the contract owner to withdraw ETH accidentally sent to the contract. However, it will forward the exact ETH amount sent by the caller to the given destination address, rather than withdraw ETH from the contract balance:...