Description
Affects both Vault5 and Vault10.
The function addAddressOfEarlyPayment() allows any person to add themselves as an earlypayer, regardless of whether they are one or not, and this will open a vulnerability that allows such persons to attack the contract by claiming or withdrawing what they have no right to.
Context
Vault5.sol SLOC 62
POC
Note: The impact of the above can also result in the attack in issue #56 stated previously.
Recommendation
It is advisable to check that a user is indeed a valid earlypayer by adding one or two checks before they are given the opportunity to withdraw their part of the share.
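One way the recommended checks could look, as an added Solidity sketch that is not code from Vault5/Vault10 or from the issue author. Only the name addAddressOfEarlyPayment comes from the issue; its signature, the contract name, the state variables and the rule that "early" means a minimum payment recorded before a deadline are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch, not the Vault5/Vault10 source. Only the name
// addAddressOfEarlyPayment comes from the issue; its signature here, the
// state variables and the "paid before a deadline" rule are assumptions.
contract EarlyPaymentVaultSketch {
    uint256 public immutable earlyDeadline; // assumed cutoff for "early"
    uint256 public immutable minPayment;    // assumed qualifying amount
    uint256 public immutable sharePerPayer; // assumed fixed share per payer

    mapping(address => uint256) public paidEarly; // recorded by the contract
    mapping(address => bool) public isEarlyPayer;
    mapping(address => bool) public hasWithdrawn;

    constructor(uint256 deadline, uint256 minimum, uint256 share) payable {
        require(minimum > 0, "minimum must be non-zero");
        earlyDeadline = deadline;
        minPayment = minimum;
        sharePerPayer = share;
    }

    // Payments are recorded by the contract itself, so eligibility is
    // derived from state and never self-declared by the caller.
    function pay() external payable {
        if (block.timestamp <= earlyDeadline) {
            paidEarly[msg.sender] += msg.value;
        }
    }

    // Check 1: the caller's own recorded payments must qualify.
    function addAddressOfEarlyPayment() external {
        require(paidEarly[msg.sender] >= minPayment, "not an early payer");
        require(!isEarlyPayer[msg.sender], "already registered");
        isEarlyPayer[msg.sender] = true;
    }

    // Check 2: withdrawal re-verifies registration and allows one claim.
    function withdrawShare() external {
        require(isEarlyPayer[msg.sender], "not registered");
        require(!hasWithdrawn[msg.sender], "already withdrawn");
        hasWithdrawn[msg.sender] = true; // state change before the transfer
        (bool ok, ) = payable(msg.sender).call{value: sharePerPayer}("");
        require(ok, "transfer failed");
    }
}
```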