3 matches found
New treasury rate should not affect existing loan
Lines of code Vulnerability details Impact In the protocol, lenders have to pay a small treasury fee when they claim their interest. The contract owner can change this treasuryRate at any time using the function setTreasuryRate. // @audit treasury rate should not affect existing loan function...
Malicious or hacked admin can steal all ETH
Lines of code Vulnerability details Impact In L2EthToken.sol we have transferFromTo It is possible malicious or hacked admin to steal the ETH. Proof of Concept As can be seen from the code snippet below, nothing can stop malicious or hacked admin to steal all ETH. He can use address from and send...
Reentrancy in settleAuction(): malicious publisher can bypass index timelock mechanism, inject malicious index, and rug the basket
Handle kenzo Vulnerability details The settleAuction function calls withdrawBounty before setting auctionOngoing = false, thereby allowing reentrancy. Impact A malicious publisher can bypass the index timelock mechanism and publish new index which the basket's users won't have time to respond to...