Lucene search
+L

4 matches found

Code423n4
Code423n4
•added 2022/07/14 12:0 a.m.•7 views

Migration can be impacted, by frontrunning the commit function call

Lines of code Vulnerability details As part of the migration of a vault, the commit function is called to kickoff the buyout process for the migration. Its possible that any EOA address can initiate a start function on the Buyout module with a very low amount of msg.value and prevent the above...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/14 12:0 a.m.•10 views

Migration Module: Re-enter commit using custom token

Lines of code Vulnerability details Impact HIGH - Assets can be compromised directly. One can drain eth out from migration module to buyout module using custom made FERC1155 token. Proof of Concept proof of concept: testCommitReenterpoc custom made FERC1155 for the attack The proof of concept sho...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/14 12:0 a.m.•11 views

Buyout Module: ethBalance is not properly updated

Lines of code Vulnerability details Impact HIGH - Assets can be stolen directly. An attacker can steal eth from buyout module Proof of Concept proof of concept1: testCashSharepoc proof of concept2: testCashRepeatpoc The proof of concept1 shows that the same amount of fractions will result in...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/14 12:0 a.m.•11 views

Buyout Module: redeeming before the update of totalSupply will make buyout's current state success

Lines of code Vulnerability details Impact MED - a hypothetical attack path with stated assumptions, but external requirements. Attacker can create a vault with successful buyout status and non zero supply. The attacker can sell the fractions and then simply withdraw the assets. Proof of Concept...

6.7AI score
Exploits0
Rows per page
Query Builder