3 matches found
Anyone can deploy a pair with a potentially malicious token
Lines of code Vulnerability details By allowing anyone to create a pair with any two tokens there is a risk that an unsavory token will get included either as collateral or as an asset. It could range from a bad actor intentionally inserting a malicious token to a well-intentioned team that...
Unauthenticated access to Whitelist tokens
Lines of code Vulnerability details Impact If we observe the whitelist function at Voter.solL178, we will observe that only governor is allowed to whitelist tokens requiremsg.sender == governor. But this can be simply bypassed by a minter role using the initialize function which directly calls...
TwabRewards: fee on transfer token as promotion token will block at least one epoch reward claim
Handle GiveMeTestEther Vulnerability details Impact If the promotion token applies transfer fees, the total amount to claim will be less than "tokensPerEpoch numberOfEpochs" bcs a part of this amount is the fee = funds + fee, but only the "funds" can be withdrawn but the calculation in...