3 matches found
Caller.callBatched doesn't enforce msg.value is equal to sum of call values
Lines of code Vulnerability details For each call in callBatched, we pass a value to be sent along with the call: for uint256 i = 0; i calls.length; i++ Call memory call = callsi; returnDatai = callsender, call.to, call.data, call.value; The sum of the values of the calls should be equal to...
GiantMevAndFeesPool::afterTokenTransfer doesn't update claimed amount of sender
Lines of code Vulnerability details Impact After a token transfer of GiantMevAndFeesPool's GiantLP, the receiver gets their claimed amount updated to the correct value, but the sender does not. If more than zero tokens were transferred, that amount in the sender's future rewards will be lost, and...
_generateNewTokenId can create collisions
Handle sirhashalot Vulnerability details Impact The ERC721 standard requires that "for any ERC-721 Contract, the pair contract address, uint256 tokenId must be globally unique" quoted from . However, the generateNewTokenId function can produce tokenId values that are not globally unique. This wou...