2 matches found
depositERC20To() and withdrawTo() is missing onlyEOA() modifier - Leading to loss of user funds
Lines of code Vulnerability details Impact StandardBridge.sol contract has a modifier called onlyEOA. The comment says 132 / 133 @notice Only allow EOAs to call the functions. Note that this is not safe against contracts 134 calling code within their constructors, but also doesn't really matter...
WithdrawTo() needs a zero address check for _to parameter
Lines of code Vulnerability details Impact The withdrawTo function in Booster.sol is missing a zero address check for to parameter. Tokens would be lost if to is zero address. Proof of Concept Tools Used Manual review Recommended Mitigation Steps User require to ensure to is not a zero address. -...