Open code423n4 opened 3 years ago
@cmichelio
Valid, although this is part of the partially-complete lending code.
Handle
@cmichelio

Vulnerability details

The Pool.lockUnits function allows anyone to steal pool tokens from a member and assign them to msg.sender.

Impact

Anyone can steal pool tokens from any other user.

Recommended Mitigation Steps

Add access control and require that msg.sender is the router or another authorized party.
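The following is an added illustration of the missing check and of the recommended mitigation; it is a hypothetical sketch written for this page, not the audited project's code. The storage names (units, lockedUnits), the ROUTER address, the constructor and the exact accounting are assumptions; only the function name lockUnits and the member / msg.sender roles come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch, not the audited project's code. Storage layout, the
// ROUTER role and the accounting are assumptions made for illustration.

// "Before": the pattern the report describes. There is no check on the
// caller, so any address can name an arbitrary `member`, remove that
// member's units and have the locked balance credited to msg.sender.
contract PoolBefore {
    mapping(address => uint256) public units;
    mapping(address => uint256) public lockedUnits;

    function lockUnits(uint256 amount, address member) external {
        // No access control: `member` is attacker-chosen, msg.sender is the attacker.
        units[member] -= amount;           // reverts on underflow in 0.8, but any
                                           // member with a balance still loses it
        lockedUnits[msg.sender] += amount; // the caller is credited with someone else's units
    }
}

// "After": the mitigation from the report. Only the router may call lockUnits,
// and the router (assumed to have already authorized `member`) is the one that
// says whose units move and who receives the lock.
contract PoolAfter {
    address public immutable ROUTER; // trusted caller; assumed to be set at deployment

    mapping(address => uint256) public units;
    mapping(address => uint256) public lockedUnits;

    constructor(address router) {
        require(router != address(0), "router required");
        ROUTER = router;
    }

    modifier onlyRouter() {
        require(msg.sender == ROUTER, "caller is not the router");
        _;
    }

    function lockUnits(uint256 amount, address member) external onlyRouter {
        units[member] -= amount;
        // Credit the lock to the member on whose behalf the router acts, so the
        // router itself never accumulates other users' units (assumed design).
        lockedUnits[member] += amount;
    }
}
```

The defensive check to look for in review is the one on the caller: a state-changing function that takes a user address as a parameter and moves that user's balance must verify that msg.sender is a trusted component (here the router) or is the user themself; without it, the parameter is effectively attacker-controlled.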