code-423n4 / 2024-01-decent-findings


UniSwapper :: `swapExactOut` can be called by anyone and contracts can lose funds #706

Closed c4-bot-6 closed 8 months ago

c4-bot-6 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-01-decent/blob/011f62059f3a0b1f3577c8ccd1140f0cf3e7bb29/src/swappers/UniSwapper.sol#L143

Vulnerability details

Impact

Anyone can swap out tokens after they are locked. An attacker can swap out all tokens to themselves.

Tools Used

Manual

Recommended Mitigation Steps

Add a function modifier for `swapExactOut`.

Assessed type

Access Control

c4-pre-sort commented 8 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as duplicate of #30

c4-judge commented 8 months ago

alex-ppg marked the issue as unsatisfactory: Insufficient quality

c4-judge commented 8 months ago

alex-ppg marked the issue as unsatisfactory: Out of scope