New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Sandwich attack in Router's crosstransfer function #484
Fix Sandwich attack in Router's crosstransfer function #484
Conversation
…l/fix/crosstransfer-sandwich-attack
…l/fix/crosstransfer-sandwich-attack
…github.com/Fujicracy/fuji-v2 into protocol/fix/crosstransfer-sandwich-attack
hey @daigarocota if yes |
The
I am failing to find a way how a "malicious" caller, can sandwhich another user. Neither _crossTransfer, or _crossTransferWithCall will allow someone random to pull another user's funds. If the user for some reason sets a random address in control of their "delegate" slippage, I see it no different than approving erc20 to a random address. |
Update was done. |
This PR addresses H-6