Description
The VaultBitcoinWallet contract does not set the satoshiPerByte fee during deployment, which can be leveraged by users to bypass fees before the setFee function is called. This vulnerability arises because the setFee function is not invoked in the constructor, leaving the satoshiPerByte fee uninitialized until explicitly set after deployment.
Attack Scenario
A user could exploit this vulnerability by performing transactions that bypass the fee mechanism before the setFee function is called. This could result in financial losses for the protocol.
Attachments
Proof of Concept (PoC) File
The constructor of the VaultBitcoinWallet contract does not include a mechanism to set the satoshiPerByte fee:
To mitigate this issue, the constructor should be modified to include a parameter for the initial fee and set it during deployment. This ensures that the fee is set immediately upon contract creation.
Github username: --
Twitter username: --
Submission hash (on-chain): 0xa99bd68bb8f9994f1925459648a4e5caf208d243cd83ce7dacdbe72209d76551
Severity: medium
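The mitigation described above, sketched as an added example that is not the VaultBitcoinWallet source or the project's code: the constructor takes the initial fee and routes it through the same validated setter path as setFee, so the contract never exists with a zero fee. Only satoshiPerByte and setFee are names from the report; the contract name, owner model, bounds, event, errors and quoteFee helper are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not the audited contract. Everything except the names
/// satoshiPerByte and setFee is hypothetical.
contract FeeInitializedWallet {
    // Assumed bounds; a real deployment would pick these from its fee policy.
    uint64 public constant MIN_SAT_PER_BYTE = 1;
    uint64 public constant MAX_SAT_PER_BYTE = 1_000;

    address public immutable owner; // assumed access-control model
    uint64 public satoshiPerByte;   // would default to 0 if never assigned

    event FeeUpdated(uint64 oldFee, uint64 newFee);

    error NotOwner();
    error FeeOutOfRange(uint64 fee);

    /// The fee is a required deployment parameter, so there is no window
    /// between deployment and the first setFee call with a zero fee.
    constructor(uint64 initialSatoshiPerByte) {
        owner = msg.sender;
        _setFee(initialSatoshiPerByte);
    }

    function setFee(uint64 newFee) external {
        if (msg.sender != owner) revert NotOwner();
        _setFee(newFee);
    }

    /// Hypothetical helper showing why the default matters: with
    /// satoshiPerByte == 0 this would return 0 for any transaction size.
    function quoteFee(uint256 txSizeBytes) public view returns (uint256) {
        return txSizeBytes * satoshiPerByte;
    }

    /// Single validation path shared by the constructor and setFee, so a zero
    /// or out-of-range fee is rejected at deployment as well as on update.
    function _setFee(uint64 fee) internal {
        if (fee < MIN_SAT_PER_BYTE || fee > MAX_SAT_PER_BYTE) {
            revert FeeOutOfRange(fee);
        }
        emit FeeUpdated(satoshiPerByte, fee);
        satoshiPerByte = fee;
    }
}
```

The FeeUpdated event emitted at deployment also gives monitoring a record of the initial fee, so a misconfigured deployment is visible from the first block.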