3 matches found
possibility of front-run on swap()
Lines of code Vulnerability details Impact The user swapper could lose all their money Proof of Concept 1- the user invokes swap with tokenIn == ohm 2- on this line MINTR.burnOhmaddressthis, amountIn; this user send their money to the TRSRY.sol 3- keeper invoke beat to update the price 4- here...
TokenIn can be swept if saleRecipient == tokenSale
Lines of code Vulnerability details The initialize and setSaleRecipient function allows setting the saleRecipient to the contract itself, which means the tokenIn will remain in the contract. It can then be transferred out by calling sweep. This condition described in sweep does not hold anymore...
[WP-H3] saleRecipient can rug buyers
Lines of code Vulnerability details In TokenSaleUpgradeable.solbuy, tokenIn will be transferred from the buyer directly to the saleRecipient without requiring/locking/releasing the correspoining amount of tokenOut. This allows the saleRecipient to rug the users simply by not transferring tokenOut...