You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 24, 2020. It is now read-only.
The code for buying otokens using ethereum buyOtokens() does not check whether the sender sent enough eth to pay for the purchase. This would allow an attacker to drain the OptionsExchange contract of all ETH in it by calling buyOtokens() where the receiver address is the attackers address. This is not normally exploitable because the OptionsExchange contract never holds ETH during the normal operation of the smart contracts system. However, it would allow an attacker to drain any ETH that is accidentally sent to the OptionsExchange contract.(3) Low Severity: the code for buying otokens using ethereum buyOtokens() does not check whether the sender sent enough eth to pay for the purchase. This would allow an attacker to drain the OptionsExchange contract of all ETH in it by calling buyOtokens() where the receiver address is the attackers address. This is not normally exploitable because the OptionsExchange contract never holds ETH during the normal operation of the smart contracts system. However, it would allow an attacker to drain any ETH that is accidentally sent to the OptionsExchange contract.
The text was updated successfully, but these errors were encountered:
The code for buying otokens using ethereum buyOtokens() does not check whether the sender sent enough eth to pay for the purchase. This would allow an attacker to drain the OptionsExchange contract of all ETH in it by calling buyOtokens() where the receiver address is the attackers address. This is not normally exploitable because the OptionsExchange contract never holds ETH during the normal operation of the smart contracts system. However, it would allow an attacker to drain any ETH that is accidentally sent to the OptionsExchange contract.(3) Low Severity: the code for buying otokens using ethereum buyOtokens() does not check whether the sender sent enough eth to pay for the purchase. This would allow an attacker to drain the OptionsExchange contract of all ETH in it by calling buyOtokens() where the receiver address is the attackers address. This is not normally exploitable because the OptionsExchange contract never holds ETH during the normal operation of the smart contracts system. However, it would allow an attacker to drain any ETH that is accidentally sent to the OptionsExchange contract.
The text was updated successfully, but these errors were encountered: