2022-02-18 17:34:58
mitre
PUBLISHED
RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendors vulnerability announcement date, the vulnerability will not be remediated until a major protocol upgrade occurs.