7 matches found
Withdrawing all funds at once to vault can be DoS attacked by frontrunning and locking dust
Lines of code Vulnerability details Impact All funds can be migrated withdrawn at once to the caller vault by using the BaseStrategy.withdrawToVault function which internally calls MyStrategy.withdrawAll. The latter function has the following check in place: MyStrategy.solL184-L187 require...
Any User May Transfer Rewards From AuraLocker To MyStrategy These Rewards Are Unaccounted For and Stuck
Lines of code Vulnerability details Impact Harvesting the rewards from AuraLocker incorrectly assumes that rewards are only transferred during harvest when LOCKER.getRewardsaddressthis is called. However it is possible for anyone to call AuraLocker.getRewardsaddressMyStrategy and transfer the...
Attacker can deposit for MyStrategy in AuraLocker make it unable to withdraw all.
Lines of code Vulnerability details Impact Function withdrawToVault in BaseStrategy will withdraw all funds from strategy to vault, it uses an internal function withdrawAll in MyStrategy. In this function, there is a check that no locked balance is still in AuraLocker. An attacker can keep deposi...
AuraClaimZap may transfer CVX tokens to itself which become locked in the contract
Lines of code Vulnerability details Impact During AuraClaimZap.claimExtras if the option LockCvx is set to false then the contract will transfer CVX tokens from the msg.sender to this contract without forwarding them on to the user. There is no way to retrieve these funds from the protocol and...
Integer overflow will lock all rewards in AuraLocker
Lines of code Vulnerability details Impact There is a potential overflow in the rewards calculations which would lead to updateReward always reverting. The impact of this overflow is that all reward tokens will be permanently locked in the contract. User's will be unable to call any of the...
Locking up AURA Token does not increase voting power of individual
Lines of code Vulnerability details Background Per the documentation, AURA tokens can be locked in the AuraLocker to recieve vlAURA. vlAURA is voting power in the AURA ecosystem. It is also possible for the users to delegate their voting power to a specific address by calling the...
AuraLocker kick reward only takes last locked amount into consideration, instead of whole balance
Lines of code Vulnerability details The issue occurs in AuraLocker, when expired locks are processed via kicking, and if all the user locks have expired. In this scenario, to calculate the kick reward, processExpiredLocks multiplies the last locked amount by the number of epochs between the last...