Closed code423n4 closed 2 years ago
so maybe need to be documented better. But that is the intended behavior.
As external calls are only initiated by an account satisfying the protectedCall
modifier, it doesn't seem like this would be an issue. As the sponsor has pointed out, this is intended behaviour by the contract.
Handle
0x0x0x
Vulnerability details
callFacet
is based on unprotected calls and user funds can get stolen using them. This is unsafe for users and at least this risk has to be better documented.