2 matches found
The _rescueFunds function allows sweeping any tokens, when it should only allow sweeping of the underlying asset
Lines of code Vulnerability details Impact abuse of sweeping arbitrary tokens. Proof of Concept The rescueFunds function allows sweeping any tokens, when it should only allow sweeping of the underlying asset Tools Used Manual Recommended Mitigation Steps Remove the tokenAddress parameter - no nee...
PoolAdmin can steal NFT from NTokens
Lines of code Vulnerability details Impact The executeAirdrop function allow pool admin to execute arbitrary call to arbitrary contract, including a transferFrom call to the underlying NFT contract. This can be used by the pool admin to steal NFT inside the NToken contracts. Since the rescueERC72...