Lucene search
+L

8 matches found

Code423n4
Code423n4
added 2022/12/05 12:0 a.m.5 views

Upgraded Q -> M from #251 [1670231833702]

Judge has assessed an item in Issue 251 as M risk. The relevant finding follows: AutoPxGlp.setPlatform and AutoPxGmx.setPlatform break the vaults functionalities. Looking at AutoPxGlp.setPlatform: this admin setter allows the owner to change the pirexGmx address in AutoPxGlp. The issue is that it...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.7 views

Incentive fund loss when calling claim() in AutoPxGlp/PxGmxRewards because it calls this.compound(,,true) which would transfer incentive to contract itself and those funds won't be calculated as rewards or fee and won't be accessible to withdraw

Lines of code Vulnerability details Impact Function claim in PxGmxReward contract is used for claiming available pxGMX rewards of a user. but this function calls IAutoPxGlpaddressthis.compound1, 1, true; to harvest new rewards and stake them to compound rewards. but this call is external call and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.10 views

Steal deposit fund in ERC4626 vault by exchange rate manipulation

Lines of code Vulnerability details Impact Although the PirexERC4626 and AutoPxGlp contract check for 0 shares, the rounding down error can still be used to steal new user deposit. Part of the new deposit could be stolen. The attacker may monitor the pool activities to catch the steal...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.12 views

Potential uint underflow

Lines of code Vulnerability details Impact Potential underflow if shares is greater than totalSupply Proof of Concept Tools Used Manual review Recommended Mitigation Steps Before the following line, check if totalSupply is greater or equal to shares --- The text was updated successfully, but thes...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.8 views

AutoPxGlp and AutoPxGmx are not compliant with ERC4626 standard

Lines of code Vulnerability details Proof of Concept In both contracts, the previewWithdraw function has the same body // Calculate shares based on the specified assets' proportion of the pool uint256 shares = convertToSharesassets; // Save 1 SLOAD uint256 totalSupply = totalSupply; // Factor in...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.8 views

Underlying assets stealing in AutoPxGmx and AutoPxGlp via share price manipulation

Lines of code Vulnerability details Impact pxGMX and pxGLP tokens can be stolen from depositors in AutoPxGmx and AutoPxGlp vaults by manipulating the price of a share. Proof of Concept ERC4626 vaults are subject to a share price manipulation attack that allows an attacker to steal underlying toke...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.8 views

Deposits and compounds will be frozen after a PirexGmx migration

Lines of code Vulnerability details Impact After a migration of the platform PirexGmx contract, the approval of the AutoPxGlp from the new PirexGmx contract will be zero. The same issue is here for the AutoPxGmx contract. Proof of Concept Even though the approval of gmxBaseReward formerly WETH fo...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.16 views

fee loss in AutoPxGmx and AutoPxGlp and reward loss in AutoPxGlp by calling PirexRewards.claim(pxGmx/pxGpl, AutoPx*) directly which transfers rewards to AutoPx* pool without compound logic get executed and fee calculation logic and pxGmx wouldn't be executed for those rewards

Lines of code Vulnerability details Impact Function compound in AutoPxGmx and AutoPxGlp contracts is for compounding pxGLP and additionally pxGMX rewards. it works by calling PirexGmx.claimpx, this to collect the rewards of the vault and then swap the received amount to calculate the reward,...

6.8AI score
Exploits0
Rows per page
Query Builder