1/ percolator-prog: TradeCpi lets a taker force a position onto any margined LP who never signed the txs. The program trusts a "matcher consent" account to stand in for the LP - but that account is attacker-owned and writable, so you just write the bytes a real opt-in would. there's no engine-enfor
@toly·2026년 6월 4일·부정
기사 읽기AI 요약
A vulnerability in TradeCpi lets attackers force positions onto LPs without their consent due to a flawed consent mechanism.
관련 프로젝트
