2 matches found
refundETH has no access control and be called repeatedly or Can be Front runned to steal WETH funds from Contract
Lines of code Vulnerability details Impact The function refundETH has no access control and called be called anyone resulting in a loss of WETH funds if address0 is entered as the recipient for removeLiquidity Proof of Concept Consider the scenario if bob calls removeliquidity which returns WETH...
Protocol can steal WETH founds
Lines of code Vulnerability details Impact The protocol can steal WETH founds with the refunds gas cost mechanism in the functions matchOneToOneOrders, matchOneToManyOrders and matchOrders This functions can call only by the MATCHEXECUTOR but we don't know what is this contract/address according...