3 matches found
Potential reentrancy attack
Lines of code Vulnerability details Impact There is a potential of reentrancy attack in executeCalls in EthereumToArbitrumExecutor.sol since CallLib is making an external call with its executeCalls and we do not know the implementation of the contract that will be called eventually. The same issu...
fund steal by crating a lot of bad long positions and then transferring NFT token of long position to all users and trick them(or by mistake) to click on exercise()
Lines of code Vulnerability details Impact when fillOrder is called code mints two PuttyV2 NFT token, one for Long position and one for Short Position and It's possible to transfer this NFT tokens to others. exercising unwanted bad Long positions can cause users to lose funds and tokens, for...
There are multiple ways for admins/governance to rug users
Lines of code Vulnerability details Impact A malicious admin can steal user funds or lock their balances forever Even if the user is benevolent the fact that there is a rug vector available may negatively impact the protocol's reputation. Proof of Concept Unlike the original Convex code that goes...