1/ percolator-prog: TradeCpi lets a taker force a position onto any margined LP who never signed the txs. The program trusts a "matcher consent" account to stand in for the LP - but that account is attacker-owned and writable, so you just write the bytes a real opt-in would. there's no engine-enfor
@toly·4 jun 2026·negativo
Leer artículoResumen IA
A vulnerability in TradeCpi lets attackers force positions onto LPs without their consent due to a flawed consent mechanism.
Proyectos relacionados
