2 matches found
Anyone can set mapTokenMember_Units
Handle paulius.eth Vulnerability details Impact Anyone can call functions lockUnits and unlockUnits not only router as it does not have any authorization checks. Thus it is possible to set any values for an account and thus make functions that rely on these values misbehave or fail. Recommended...
Missing access restriction on lockUnits/unlockUnits
Handle @cmichelio Vulnerability details Vulnerability Details The Pool.lockUnits allows anyone to steal pool tokens from a member and assign them to msg.sender. Impact Anyone can steal pool tokens from any other user. Recommended Mitigation Steps Add access control and require that msg.sender is...