code-423n4 / 2023-05-asymmetry-mitigation-findings


Mitigation Confirmed for H-01 #3

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Fix looks good. Root cause of issues was that balance() returned the ERC20.balanceOf() of the underlying derivatives contracts, allowing attackers to manipulate it via donation. Now the contracts use internally tracked balances that can't be manipulated.
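The accounting change described in the comment above, as an added example that is not part of the original comment or of the Asymmetry code base. The contract `DerivativeWrapper`, its functions and the `owner` restriction are hypothetical, and the underlying token is assumed to be a standard, non-rebasing ERC20.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical wrapper (illustration only) showing both accounting styles side by side.
contract DerivativeWrapper {
    IERC20 public immutable underlying; // assumed standard, non-rebasing ERC20
    address public immutable owner;
    uint256 private trackedBalance;     // changes only inside deposit() and withdraw()

    constructor(IERC20 _underlying) {
        underlying = _underlying;
        owner = msg.sender;
    }

    // "Before" pattern: reads the token contract's view of this address, so a
    // direct transfer to this contract (a donation) changes the result.
    function balanceUnsafe() public view returns (uint256) {
        return underlying.balanceOf(address(this));
    }

    // "After" pattern: returns internal accounting, which a donation cannot move.
    function balance() public view returns (uint256) {
        return trackedBalance;
    }

    function deposit(uint256 amount) external {
        require(msg.sender == owner, "not owner");
        // Credit what actually arrived, so fee-on-transfer tokens are not over-credited.
        uint256 beforeBal = underlying.balanceOf(address(this));
        require(underlying.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        trackedBalance += underlying.balanceOf(address(this)) - beforeBal;
    }

    function withdraw(uint256 amount) external {
        require(msg.sender == owner, "not owner");
        trackedBalance -= amount; // checked arithmetic: reverts if amount exceeds tracked funds
        require(underlying.transfer(msg.sender, amount), "transfer failed");
    }

    // Monitoring helper: tokens held but never accounted for (e.g. donations).
    function untracked() external view returns (uint256) {
        return underlying.balanceOf(address(this)) - trackedBalance;
    }
}
```

A non-zero `untracked()` value is a useful signal in tests or monitoring that tokens reached the contract outside the accounted paths.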

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory