Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/10/25 12:0 a.m.7 views

[ADRIRO-NEW-M-05] Rewarder should not be allowed to apply rewards on CVX tokens

Lines of code Vulnerability details Summary The rewarder role should not be allowed to modify the balance of CVX tokens when applying rewards, otherwise the internal CVX balance tracking could get out of sync with major consequences for the protocol. Impact The introduction of internal CVX balanc...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/26 12:0 a.m.13 views

It might not be possible to applyRewards(), if an amount received is less than 0.05 eth

Lines of code Vulnerability details Vulnerability Details Upon claiming Votium rewards, applyRewards is intended to be invoked bi-weekly in order to exchange the tokens for eth and put the eth received back into the strategies. Based on the current ratio it either stakes the amount into safETH or...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/25 12:0 a.m.8 views

VotiumStrategyCore.applyRewards can be sandwhiched

Lines of code Vulnerability details Impact VotiumStrategyCore.applyRewards can be sandwhiched, so users rewards will be lost. Proof of Concept VotiumStrategyCore.applyRewards will be used in order to swap all rewards to eth and then distribute eth to the safEth or vEth. The problem here is that...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/25 12:0 a.m.8 views

VotiumStrategyCore.applyRewards can be sandwhiched to make profit

Lines of code Vulnerability details Impact VotiumStrategyCore.applyRewards can be sandwhiched to make profit. Proof of Concept VotiumStrategyCore.applyRewards function will swap all rewards of contract into eth and then stake them into safEth or vEth contract. As result price of afEth token will...

7AI score
Exploits0
Rows per page
Query Builder