Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/06/18 12:0 a.m.10 views

Should also check balanceOfRewards in _withdrawAll()

Lines of code Vulnerability details Impact withdrawAll should check that all of your positions are unwinded. It does check balanceOfPool and LOCKER.balanceOf. Then withdrawToVault in BaseStrategy.sol can transfer all want to the vault. But it doesn’t check reward tokens. want could also be one of...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.15 views

If token == BADGER, the _handleRewardTransfer function does not work

Lines of code MyStrategy.solL405-L413 BaseStrategy.solL346-L353 Vault.solL396-L415 Vulnerability details Impact In MyStrategy.sol, when claiming bribes or sweeping reward tokens, the handleRewardTransfer function is called which calls sendToBadgerTree to send the amount of BADGER in the contract ...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.9 views

Add a timelock to BaseStrategy:setPerfFeePct

Handle Dravee Vulnerability details Impact To give more trust to users: functions that set key/critical variables should be put behind a timelock. Proof of Concept Tools Used VS Code Recommended Mitigation Steps Add a timelock to setter functions of key/critical variables. --- The text was update...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/15 12:0 a.m.12 views

wrong YAXIS estimates

Handle cmichel Vulnerability details The Harvester.getEstimates contract tries to estimate a YAXIS amount but uses the wrong path and/or amount. It currently uses a WETH input amount to compute a YAXIS - WETH trade. address memory path; path0 = IStrategystrategy.want; path1 =...

6.9AI score
Exploits0
Rows per page
Query Builder