8 matches found
Upgraded Q -> M from #251 [1670231833702]
Judge has assessed an item in Issue 251 as M risk. The relevant finding follows: AutoPxGlp.setPlatform and AutoPxGmx.setPlatform break the vaults functionalities. Looking at AutoPxGlp.setPlatform: this admin setter allows the owner to change the pirexGmx address in AutoPxGlp. The issue is that it...
Incentive fund loss when calling claim() in AutoPxGlp/PxGmxRewards because it calls this.compound(,,true) which would transfer incentive to contract itself and those funds won't be calculated as rewards or fee and won't be accessible to withdraw
Lines of code Vulnerability details Impact Function claim in PxGmxReward contract is used for claiming available pxGMX rewards of a user. but this function calls IAutoPxGlpaddressthis.compound1, 1, true; to harvest new rewards and stake them to compound rewards. but this call is external call and...
Steal deposit fund in ERC4626 vault by exchange rate manipulation
Lines of code Vulnerability details Impact Although the PirexERC4626 and AutoPxGlp contract check for 0 shares, the rounding down error can still be used to steal new user deposit. Part of the new deposit could be stolen. The attacker may monitor the pool activities to catch the steal...
Potential uint underflow
Lines of code Vulnerability details Impact Potential underflow if shares is greater than totalSupply Proof of Concept Tools Used Manual review Recommended Mitigation Steps Before the following line, check if totalSupply is greater or equal to shares --- The text was updated successfully, but thes...
AutoPxGlp and AutoPxGmx are not compliant with ERC4626 standard
Lines of code Vulnerability details Proof of Concept In both contracts, the previewWithdraw function has the same body // Calculate shares based on the specified assets' proportion of the pool uint256 shares = convertToSharesassets; // Save 1 SLOAD uint256 totalSupply = totalSupply; // Factor in...
Underlying assets stealing in AutoPxGmx and AutoPxGlp via share price manipulation
Lines of code Vulnerability details Impact pxGMX and pxGLP tokens can be stolen from depositors in AutoPxGmx and AutoPxGlp vaults by manipulating the price of a share. Proof of Concept ERC4626 vaults are subject to a share price manipulation attack that allows an attacker to steal underlying toke...
Deposits and compounds will be frozen after a PirexGmx migration
Lines of code Vulnerability details Impact After a migration of the platform PirexGmx contract, the approval of the AutoPxGlp from the new PirexGmx contract will be zero. The same issue is here for the AutoPxGmx contract. Proof of Concept Even though the approval of gmxBaseReward formerly WETH fo...
fee loss in AutoPxGmx and AutoPxGlp and reward loss in AutoPxGlp by calling PirexRewards.claim(pxGmx/pxGpl, AutoPx*) directly which transfers rewards to AutoPx* pool without compound logic get executed and fee calculation logic and pxGmx wouldn't be executed for those rewards
Lines of code Vulnerability details Impact Function compound in AutoPxGmx and AutoPxGlp contracts is for compounding pxGLP and additionally pxGMX rewards. it works by calling PirexGmx.claimpx, this to collect the rewards of the vault and then swap the received amount to calculate the reward,...