2 matches found
[WP-H24] Wrong design/implementation of permission control allows malicious/compromised Registry or Factory admin to steal funds from users' wallet balances
Handle WatchPug Vulnerability details The current design/implementation allows a market address registered on registry to call VaultaddValue and transfer tokens from an arbitrary address to a specified beneficiary up the approved amount at any time, and the beneficiary can withdraw the funds by...
[WP-H32] PoolTemplate.sol Attacker can call Factory#createMarket() and transfer funds from another user's wallet to the pool
Handle WatchPug Vulnerability details function initialize string calldata metaData, uint256 calldata conditions, address calldata references external override require initialized == false && bytesmetaData.length 0 && references0 != address0 && references1 != address0 && references2 != address0 &&...