Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2021/11/12 12:0 a.m.12 views

Anyone Can Arbitrarily Call FSDVesting.updateVestedTokens()

Handle leastwood Vulnerability details Impact The updateVestedTokens function is intended to be called by the FSD.sol contract when updating a user's vested token amount. A check is performed to ensure that user == beneficiary, however, as user is a user controlled argument, it is possible to spo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/11 12:0 a.m.7 views

Missing access restriction on Vesting.updateVestedTokens

Handle cmichel Vulnerability details The FSDVesting.updateVestedTokens function is supposed to be called by the FDS contract only which also mints tokens to the contract. However, it does not have any access restrictions which leads to circumventing the vesting and further griefing attacks. POC...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/10 12:0 a.m.12 views

FSDVesting: Restrict updateVestedTokens() calls to only FSD token contract

Handle hickuphh3 Vulnerability details Impact The updateVestedTokens increases the amount of tokens to be vested for a beneficiary. There is no access restriction to the function. The intended total vesting duration is 30 months with a 12-month cliff where 5% is immediately unlocked, and the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/10 12:0 a.m.14 views

Insufficient check on updateVestedTokens function

Handle rfa Vulnerability details Impact This function can be used by the beneficiary to update their vested token, however the function is callable by anyone, there is no check if the msg.sender/caller is the correct beneficiary, the only check is , but this check is user controllable, therefore...

6.9AI score
Exploits0
Rows per page
Query Builder