3 matches found
Anyone Can Become Owner Of XC20Wrapper Contract
Lines of code Vulnerability details Anyone can become the owner of the XC20Wrapper contract by calling the XC20Wrapper.setup function. Proof-of-Concept The XC20Wrapper contract inherits from Upgradable contract. contract XC20Wrapper is AxelarExecutable, Upgradable As such, the XC20Wrapper contrac...
No storage gap for Upgradable contract might lead to storage slot collision
Lines of code Vulnerability details Impact For upgradeable contracts, there must be storage gap to “allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments” quote OpenZeppelin. Otherwise it may be very difficult to...
XC20Wrapper may lost received token forever if LocalAsset(xc20).mint is reverted indefinitely
Lines of code Vulnerability details Impact XC20Wrapper may lost received token forever if LocalAssetxc20.mint is reverted indefinitely. Similar to ERC20, the spec said that if mitn returns false it means minting is failed. But it is commonly revert instead of returning false which is also a minti...