Lucene search
K

7 matches found

Code423n4
Code423n4
•added 2023/10/04 12:0 a.m.•6 views

pendingScoreUpdates counts may be corrupted

Lines of code Vulnerability details Vulnerability details Prime.pendingScoreUpdates is used to record the number of users whose score needs to be recalculated when addMarket , updateAlpha , updateMultipliers occurs. Record pendingScoreUpdates=totalIrrevocable + totalRevocable when the above metho...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/11/14 12:0 a.m.•5 views

Upgraded Q -> M from #276 [1668468011155]

Judge has assessed an item in Issue 276 as M risk. The relevant finding follows: Misaligned parameters when calling beforeTokenTransfer in LBToken:burn LBToken.sol L237 address0 and account should be switched on calling beforeTokenTransfer in LBToken:burn. There's no side effects currently becaus...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/11/14 12:0 a.m.•9 views

Upgraded Q -> M from #449 [1668465456097]

Judge has assessed an item in Issue 449 as M risk. The relevant finding follows: Error when calling beforeTokenTransfer in the LBToken burn function | Low | 1 --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/10 12:0 a.m.•16 views

Loss of tokens due to wrong burn function

Lines of code Vulnerability details Impact redeemToUnderlying is also affected by the issue I reported earlier which is described below. The redeem function calls burn which is inherited from IERC777Upgradeable contract whose action is to burn ERC20 tokens, thus there is no transfer or withdrawal...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/30 12:0 a.m.•10 views

Owner's delegates should be decreased in _burn()

Lines of code Vulnerability details function burnuint tokenId internal requireisApprovedOrOwnermsg.sender, tokenId, "caller is not owner nor approved"; address owner = ownerOftokenId; // Clear approval approveaddress0, tokenId; // TODO add delegates // Remove token removeTokenFrommsg.sender,...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/29 12:0 a.m.•12 views

withdraw() and merge() functions of VotingEscrow won't work when an approved user(not owner) calls because _burn() function fails.

Lines of code Vulnerability details Impact withdraw and merge functions of VotingEscrow won't work when an approved usernot owner calls. Proof of Concept withdraw and merge functions call burn function inside and burn function calls removeTokenFrom using msg.sender. But removeTokenFrom requires...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/01/05 12:0 a.m.•13 views

Missing burn function in _unlock function

Handle Tomio Vulnerability details Impact In the XDEFIDistribution.sol, a user can lock xdefi token and get an erc721/nft token through safeMint function, however when the user call unlock function this contract will delete the position of this user, but didnt call the burn function in ERC721...

6.9AI score
Exploits0
Rows per page
Query Builder