Did you spot the vulnerability in the code below?
Scroll down if you're ready for the answer 👇

Spearbit
@spearbit
04-02
Can you spot the vulnerability?
The setConsensusLayerData function in the River contract is designed to update validator data, manage the coverage fund, and ensure the protocol's stability in case of emergencies. The function utilizes a coverage fund to cover potential losses

The function _swapNFTsForToken() of LSSVMRouter calls safeTransferFrom(), which then calls ERC721Received of assetRecipient.
A malicious assetRecipient could manipulate its NFT balance by buying additional NFTs via the Pair and sending or selling them back to the Pair, enabling
Questions about security? Connect with our team:
From Twitter






