code-423n4 / 2021-04-vader-findings


Anyone can set mapTokenMember_Units #278

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

paulius.eth

Vulnerability details

Impact

Anyone can call the functions lockUnits and unlockUnits (not only the router), as they do not have any authorization checks. Thus it is possible to set any values for an account and thus make functions that rely on these values misbehave or fail.

Recommended Mitigation Steps

Add authorization so only the intended entities would be able to lock and unlock units.
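One way to apply the recommended mitigation, as an added example that is not part of the original report or the Vader code base. Only `lockUnits`, `unlockUnits` and `mapTokenMember_Units` are names from this issue; the function signatures, the `router` variable, the `onlyRouter` modifier, the locked-units mapping and the events are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch only. Signatures, storage layout and events are assumed.
contract PoolUnitsSketch {
    // Assumed: the router address is fixed at deployment and cannot be changed.
    address public immutable router;

    // token => member => freely usable units (name taken from the issue title)
    mapping(address => mapping(address => uint256)) public mapTokenMember_Units;
    // token => member => units currently locked (hypothetical bookkeeping)
    mapping(address => mapping(address => uint256)) public mapTokenMember_Locked;

    // Events give monitoring a record of every lock and unlock (assumed names).
    event UnitsLocked(address indexed token, address indexed member, uint256 units);
    event UnitsUnlocked(address indexed token, address indexed member, uint256 units);

    constructor(address router_) {
        require(router_ != address(0), "router is zero address");
        router = router_;
    }

    // The missing check: reject every caller except the router.
    modifier onlyRouter() {
        require(msg.sender == router, "caller is not router");
        _;
    }

    // Without onlyRouter, any account could change any member's balances here.
    function lockUnits(uint256 units, address token, address member) external onlyRouter {
        // Checked arithmetic in 0.8 reverts if the member holds fewer units.
        mapTokenMember_Units[token][member] -= units;
        mapTokenMember_Locked[token][member] += units;
        emit UnitsLocked(token, member, units);
    }

    function unlockUnits(uint256 units, address token, address member) external onlyRouter {
        // Reverts if more units are unlocked than were locked for this member.
        mapTokenMember_Locked[token][member] -= units;
        mapTokenMember_Units[token][member] += units;
        emit UnitsUnlocked(token, member, units);
    }
}
```

A regression test for the fix would call both functions from a non-router account and expect a revert, then repeat the call from the router and check both mappings.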

strictly-scarce commented 3 years ago

https://github.com/code-423n4/2021-04-vader-findings/issues/208

0xBrian commented 3 years ago

https://github.com/vetherasset/vaderprotocol-contracts/issues/102

dmvt commented 3 years ago

duplicate of #208