atm: Revert atm_account_tx() if copy_from_iter_full() fails.

...

CRITICAL UPGRADES IN THE DIAMOND PROXY COULD BE MISSED DUE TO INVALID ACTIONS PASSED IN

Lines of code Vulnerability details Impact The LibDiamond.diamondCut function is used to modify the facets by passing in the FacetCut structs. The FacetCut struct contains the action to perform: add, replace and remove and the function selectors to use for them. Here the function implementation...

It is possible for a user's ETH to be trapped inside the contracts.

Lines of code Vulnerability details Impact It is possible that a user's ETH will be trapped inside the contracts. returnETHIfAnyoriginator; But in the implementation of the returnETHIfAny function, it will just silently return even the returning ETH transaction fails. As a result, even if the use...

Withdraw all with amount: type(uint256).max in native token (ETH) will always revert

Lines of code Vulnerability details if amount == typeuint256.max uint256 decimal = IERC20Detailedasset.decimals; amount = amountToWithdraw.multhis.pricePerShare.div10decimal; Per the comment: The asset address for collateral asset = 0x0000000000000000000000000000000000000000 means to use ETH as...

require check doesnt comply with an underlying token that implemented fee in the transfer and transferFrom function

Handle Tomio Vulnerability details Impact The implementation for the transferAndCheckUnderlying function can revert the transaction if the underlying token is implementing a fee on the transfer and transferFrom function, this can happen because when a token implementing a fee on transfer, it...