4 matches found
Centralisation risk
Lines of code Vulnerability details Impact The protocol has a onlyGovernor role with privileged rights to perform administrator tasks that can affect users. Proof of Concept The governorhave control over crucial function that can be updated and change according to the governor discretion. functio...
When Creating a Safe Via ODSafeManager::openSAFE, the User Proxy Is Wrongly Set As the Safe Owner
Lines of code Vulnerability details Impact We can observe from Vault721::mint function that the input usr in ODSafeManager::openSAFE function needs to be a previously built proxy of the user address. function mintaddress proxy, uint256 safeId external requiremsg.sender == addresssafeManager, 'V72...
Since the build function in 'Vault721' allows anyone to deploy a new ODProxy for any user without proper checks, it creates a potential exploit.
Lines of code Vulnerability details Impact The ability to freely deploy ODProxy contracts through the Vault721 contract's build function represents a significant security vulnerability. Exploitation of this vulnerability could lead to: Unauthorized Actions: Malicious actors could deploy proxies f...
Updating safeManager reference in Vault721 will brick transfer of safes
Lines of code Vulnerability details Impact Updating safeManager reference in Vault721 will brick safe transfers since the state of the new ODSafeManager instance won't have corresponding data. In addition, it is not clear how it would be possible to achieve seamless migration as particular...