4 matches found
[ADRIRO-NEW-M-05] Rewarder should not be allowed to apply rewards on CVX tokens
Lines of code Vulnerability details Summary The rewarder role should not be allowed to modify the balance of CVX tokens when applying rewards, otherwise the internal CVX balance tracking could get out of sync with major consequences for the protocol. Impact The introduction of internal CVX balanc...
It might not be possible to applyRewards(), if an amount received is less than 0.05 eth
Lines of code Vulnerability details Vulnerability Details Upon claiming Votium rewards, applyRewards is intended to be invoked bi-weekly in order to exchange the tokens for eth and put the eth received back into the strategies. Based on the current ratio it either stakes the amount into safETH or...
VotiumStrategyCore.applyRewards can be sandwhiched
Lines of code Vulnerability details Impact VotiumStrategyCore.applyRewards can be sandwhiched, so users rewards will be lost. Proof of Concept VotiumStrategyCore.applyRewards will be used in order to swap all rewards to eth and then distribute eth to the safEth or vEth. The problem here is that...
VotiumStrategyCore.applyRewards can be sandwhiched to make profit
Lines of code Vulnerability details Impact VotiumStrategyCore.applyRewards can be sandwhiched to make profit. Proof of Concept VotiumStrategyCore.applyRewards function will swap all rewards of contract into eth and then stake them into safEth or vEth contract. As result price of afEth token will...