3 matches found
Owner can bypass ERC20 recovery restrictions and take all rewards
Lines of code Vulnerability details Impact There is a function that is intended to be used to recover ERC20 tokens that were sent to the WardenPledge contract by accident. The function is only usable by the owner and contains a check that no tokens can be taken which are currently whitelisted as...
Owner can sweep any token
Lines of code Vulnerability details Impact Admin can sweep any token even if the token is in use by the contract. Ideally only non blacklisted tokens should be allowed by unlockTokens function function unlockTokensIERC20 token external override onlyOwner uint256 amount = token.balanceOfaddressthi...
TokenIn can be swept if saleRecipient == tokenSale
Lines of code Vulnerability details The initialize and setSaleRecipient function allows setting the saleRecipient to the contract itself, which means the tokenIn will remain in the contract. It can then be transferred out by calling sweep. This condition described in sweep does not hold anymore...