Although it is not currently used, the Slingshot._sendFunds() function sends the given amount twice, which can be badly exploited for the double spending attack, in case that the function happens to be utilized in the later version of the code.
Recommendation
Fix the function to send the amount only once (e.g., by removing the line 170), or remove the unused function altogether.
Handle
daejunpark
Vulnerability details
Impact
Although it is not currently used, the
Slingshot._sendFunds()
function sends the given amount twice, which can be badly exploited for the double spending attack, in case that the function happens to be utilized in the later version of the code.Recommendation
Fix the function to send the amount only once (e.g., by removing the line 170), or remove the unused function altogether.