3 matches found
AccountingEngine can only transfer a maximum of 1% of the surplus to the designated extraSurplusReceiver
Lines of code Vulnerability details Impact The impact of this vulnerability is related to the validation of the surplus transfer percentage in the AccountingEngine contract. The vulnerability arises from an incorrect validation check that restricts the surplus transfer percentage to WAD 1%. Proof...
Wrong WAD calculation in AccountingEngine contract leading to start auction with selling amount minimum 100 time bigger than expected
Lines of code Vulnerability details Impact In the Math library, 1 WAD is equal to 1e18 which is assumed 1 For example: wmul2e18, 4e18 = 8e18 In AccountingEngine contract, the devs assumed that 1 WAD is equal to 0.01 1%, 100 WAD is equal to 1 100%. Hence, the function auctionSurplus will make star...
Scaling Issue in AccountingEngine.auctionSurplus Causing Token Drains
Lines of code Vulnerability details Impact The impact of this vulnerability is significant as it leads to a scaling problem in surplus auctions conducted by the AccountingEngine. The vulnerability arises from the way the amountToSell in surplusAuctionHouse.startAuction call and rad in...