5 matches found
asD TOKEN CREATOR CAN PROFIT UNFAIRLY FROM THE cNote TOKENS DIRECLTY TRANSFERRED TO THE asD.sol CONTRACT
Lines of code Vulnerability details Impact The asD.withdrawCarry function is used to withdraw the interest that accrued in the asD contract in the form of NOTE tokens. Only the owner of the asD token is able to withdraw the interest accrued since the withdrawCarry is controlled by the onlyOwner...
The owner of the asD contract (i.e. the creator) can not withdraw the accrued interest
Lines of code Vulnerability details Impact The asD.withdrawCarry function will always throw an error for all normal totalSupply values due to inappropriate scale factor. So the creator can withdraw the accrued interest only after all users will burn their asD tokens. Proof of Concept The scale...
Loss of interests due to loss of precision
Lines of code Vulnerability details Impact Users can lose accrued interest due to loss of precision during calculation. It is possible that the interestsvTokenuser.rewardIndex is changed and the interestsvTokenuser.accrued is never increased. Proof of Concept The interestsvTokenuser.rewardIndex a...
A malicious user can reduce a staker's rewards
Lines of code Vulnerability details Impact A user's interest is accrued through the executeBoost function, which calls interestAccrued which performs calculations on how much the user has accrued. Said calculations are made by subtracting the user's rewardIndex from the current market rewardIndex...
No accured interest charge and decrese operation in DBR
Lines of code Vulnerability details Impact although DBR record the accured interest when it increasing, but there is no other operation on it, so if a user borrowed from the protocol, there is no interest chargement of it, and on top of that, the deficitOf function represent the user's debt...