You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Severity: Medium Description:
The BaseEngine contract has the option to allow any other entity to perform actions on behave. This is recorded with an amount of actions which is inputted. This leads to the typical allowance vulnerability where allowance is set to x amount and changed to a new amount.
Simple example where this could lead to an issue:
UserA has set UserB to 50 allowedExecutions
UserB already executed 5 times, making allowedExecution 45
UserA now wants to grant another 10 actions, sending a tx to adjust the number to 55
UserB front runs UserA, spend the remaining 45 executions, and got another 55 times after the tx above is mined.
The text was updated successfully, but these errors were encountered:
Severity: Medium
Description:
The BaseEngine contract has the option to allow any other entity to perform actions on behave. This is recorded with an amount of actions which is inputted. This leads to the typical allowance vulnerability where allowance is set to x amount and changed to a new amount.
Simple example where this could lead to an issue:
allowedExecution
45The text was updated successfully, but these errors were encountered: