Closed code423n4 closed 3 years ago
cmichel
The Visor.timeLockERC20 allows locking any amount of tokens exceeding the contract's token balance.
Visor.timeLockERC20
The recipient might think that they'll receive the tokens after expiry but it could be that the contract is already out of tokens by then.
Make sure that the contract has enough tokens to cover all locks at all times.
Handle
cmichel
Vulnerability details
Vulnerability Details
The
Visor.timeLockERC20allows locking any amount of tokens exceeding the contract's token balance.Impact
The recipient might think that they'll receive the tokens after expiry but it could be that the contract is already out of tokens by then.
Recommended Mitigation Steps
Make sure that the contract has enough tokens to cover all locks at all times.