7 matches found
pendingScoreUpdates counts may be corrupted
Lines of code Vulnerability details Vulnerability details Prime.pendingScoreUpdates is used to record the number of users whose score needs to be recalculated when addMarket , updateAlpha , updateMultipliers occurs. Record pendingScoreUpdates=totalIrrevocable + totalRevocable when the above metho...
Upgraded Q -> M from #276 [1668468011155]
Judge has assessed an item in Issue 276 as M risk. The relevant finding follows: Misaligned parameters when calling beforeTokenTransfer in LBToken:burn LBToken.sol L237 address0 and account should be switched on calling beforeTokenTransfer in LBToken:burn. There's no side effects currently becaus...
Upgraded Q -> M from #449 [1668465456097]
Judge has assessed an item in Issue 449 as M risk. The relevant finding follows: Error when calling beforeTokenTransfer in the LBToken burn function | Low | 1 --- The text was updated successfully, but these errors were encountered: All reactions...
Loss of tokens due to wrong burn function
Lines of code Vulnerability details Impact redeemToUnderlying is also affected by the issue I reported earlier which is described below. The redeem function calls burn which is inherited from IERC777Upgradeable contract whose action is to burn ERC20 tokens, thus there is no transfer or withdrawal...
Owner's delegates should be decreased in _burn()
Lines of code Vulnerability details function burnuint tokenId internal requireisApprovedOrOwnermsg.sender, tokenId, "caller is not owner nor approved"; address owner = ownerOftokenId; // Clear approval approveaddress0, tokenId; // TODO add delegates // Remove token removeTokenFrommsg.sender,...
withdraw() and merge() functions of VotingEscrow won't work when an approved user(not owner) calls because _burn() function fails.
Lines of code Vulnerability details Impact withdraw and merge functions of VotingEscrow won't work when an approved usernot owner calls. Proof of Concept withdraw and merge functions call burn function inside and burn function calls removeTokenFrom using msg.sender. But removeTokenFrom requires...
Missing burn function in _unlock function
Handle Tomio Vulnerability details Impact In the XDEFIDistribution.sol, a user can lock xdefi token and get an erc721/nft token through safeMint function, however when the user call unlock function this contract will delete the position of this user, but didnt call the burn function in ERC721...