Sparkly Fleece Mammoth
High
morpho.sol has all its functions as external. function getSupplyCollateralCalldata, function invokeSupplyCollateral,function getBorrowCalldata function invokeBorrow, function getWithdrawCollateralCalldata, function invokeWithdrawCollateral function invokeRepay,
a malicious actor can deploy a malicious isetToken.sol. and front-run an actual transaction that deposits asset and shares that into the actual isetToken.solsimply because it is not validated.
I1. malicious actor deploys a contract that implements the ISetToken interface but contains harmful logic 2. when a honest user calls any function in morpho.sol , he frontruns it so as to achieve; Redirecting of Funds: The malicious contract could redirect borrowed assets to an unintended address or drain funds. Manipulate State: They could manipulate the state of the lending protocol in a way that benefits them at the expense of other users or the protocol itself. Reentrancy Attacks: the malicious contract calls back into the Morpho library and can claim ownership roles, completely hacking the protocol
No response
No response