Flexa

Findings · 7

1. 1 Initial configuration may allow an attacker to refund an unconfirmed deposit early on Low
2. 2 Front-running fallback root update might lead to additional withdrawal High
3. 3 Missing nonce on PendingDepositRefund event might lead to a double spend High
4. 4 A withdrawal root could be added again ater removal Informational
5. 5 Missing validations on administration functions Medium
6. 6 setOwner should be split into two separate functions Informational
7. 7 Reentrancy could cause incorrect information to be emitted Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.