5 matches found
Lack of access control for sweepToken, refundETH, unwrapWETH9 in Router.sol
Lines of code Vulnerability details Impact Lack of access control for sweepToken, refundETH, unwrapWETH9 in Router.sol, any WETH token, ETH and ERC20 sent to Router.sol is lost and claimable to anyone. Proof of Concept the function unwrapWETH9 and sweepToken and refundETH has no access control an...
Router.exactInputInternal doesn't check that swapped amount is same as amountIn provided by user
Lines of code Vulnerability details Impact Router.exactInputInternal doesn't check that swapped amount is same as amountIn provided by user. In case if it's not, then exact function doesn't do what it should. It doesn't trade exact amount of tokens. Proof of Concept If user calls...
Swap fees are not accounted for if users swap directly from the pools
Handle shw Vulnerability details Impact The Pool calculates swap fees whenever there is a swap between the SPARTA and the TOKEN or synths. The Router uses this fee value to decide the amount of dividend transferred from the Reserve to the Pool. However, if a user performs the swap by directly...
Allowing duplicated anchors could cause bias on anchor price.
Handle shw Vulnerability details Impact In Router.sol, the setup of the five anchors can be interrupted by anyone adding a new anchor due to the lack of access control of the listAnchor function. Also, duplicate anchors are allowed. If the same anchor is added three times, then this anchor biases...
User may not get IL protection if certain functions are called directly in Pools.sol
Handle 0xRajeev Vulnerability details Impact Functions removeLiquidity and removeLiquidityDirectly when called directly, do not provide the the user with IL protection unlike when calling the corresponding removeLiquidity function in Router.sol. This should be prevented, at least for...