4 matches found
delegatedTransferERC20() on line 442 of Visor.sol, able to get locked erc20 tokens
Handle Sherlock Vulnerability details Impact Because of getBalanceLocked not returning the full sum of the balances, if you have the approval you are able to transfer locked erc20 tokens. Proof of Concept Tools Used Hardhat Recommended Mitigation Steps Calculate balance using balance.add...
timeUnlockERC20() on line 619 of Visor.sol, able to unlock locked erc20 tokens
Handle Sherlock Vulnerability details Impact Because of getBalanceLocked not returning the full sum of the balances, you can unlock tokens that are locked. Even if the amount balanceaddressthis. You can just transfer tokens to the contract. With a flashloan like structure. Proof of Concept...
getBalanceLocked on line 202 of Visor.sol doesn't return the total balance, just the highest balance
Handle Sherlock Vulnerability details Impact Causes some internal miscalculations allowing people to take out locked funds using timeUnlockERC20 and delegatedTransferERC20 Proof of Concept Tools Used Hardhat Recommended Mitigation Steps Calculate balance using balance.add lockData.balance on line...
timelockERC721Keys could exceed the block size limit
Handle Sherlock Vulnerability details Impact On line 504 of Visor.sol, looping through the timelockERC721Keys could exceed the block size limit Proof of Concept N/A Tools Used Hardhat Recommended Mitigation Steps Transfer by index instead of token ID --- The text was updated successfully, but the...