Fix looks good. Root cause of issues was that balance() returned the ERC20.balanceOf() the underlying derivatives contracts, allowing attackers to manipulate it via donation. Now the contracts use internally tracked balances that can't be manipulated.
Fix looks good. Root cause of issues was that balance() returned the ERC20.balanceOf() the underlying derivatives contracts, allowing attackers to manipulate it via donation. Now the contracts use internally tracked balances that can't be manipulated.