Passing an arbitrary `from` address to `transferFrom` (or `safeTransferFrom`) can lead to loss of funds, because anyone can transfer tokens from the `from` address if an approval is made.
Found in src/Airdrop.sol Line: 84
Found in src/Staking.sol Line: 92
Detect when `msg.sender` is not used as `from` in `transferFrom`.
Because anyone can transfer funds from the `from` address once an approval is made, there is an inherent risk of loss of funds.
Aderyn and Slither
Use `msg.sender` as `from` in `transferFrom`.
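The flagged pattern beside the recommended form, as an added example that is not code from the audited repository. The contract and function names (`StakingExample`, `stakeFromUnsafe`, `stake`) are hypothetical and do not reproduce `src/Airdrop.sol` or `src/Staking.sol`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed for the example.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical contract; all names here are assumptions made for illustration.
contract StakingExample {
    IERC20 public immutable token;
    mapping(address => uint256) public staked;

    constructor(IERC20 token_) {
        token = token_;
    }

    // Flagged pattern: `from` is a caller-supplied parameter. The allowance
    // check inside the token only proves that `from` approved this contract,
    // not that `from` agreed to this particular call, so the tokens leave
    // `from` while the stake is credited to whoever called the function.
    function stakeFromUnsafe(address from, uint256 amount) external {
        staked[msg.sender] += amount;
        require(token.transferFrom(from, address(this), amount), "transfer failed");
    }

    // Recommended form: the only account tokens can be pulled from is the
    // caller, so an approval can only ever be spent by the approver.
    function stake(uint256 amount) external {
        staked[msg.sender] += amount;
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }
}
```

Both Aderyn and Slither report the first function and stay silent on the second, because the check is whether the `from` argument is `msg.sender`.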