Lucene search
+L

5 matches found

Code423n4
Code423n4
added 2023/01/17 12:0 a.m.9 views

Not resetting totalBurned in CashManger will break user redemptions

Lines of code Vulnerability details Not resetting totalBurned in CashManger will break user redemptions The current implementation in CashManager.completeRedemptions is not updating the totalBurned amount in an epoch if there was a refund. The problem is, that if not all user redemptions can be...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/17 12:0 a.m.9 views

setMintLimit and setRedeemLimit can result in DoS

Lines of code Vulnerability details Impact Due to the missing validation of mintLimit and redeemLimit this might result in unreasonably low limits, leading to a DoS of the requestMint and requestRedemption function. One user can simply call these functions with the upper limit, resulting in a DoS...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/17 12:0 a.m.15 views

Centralization risk

Lines of code Vulnerability details Impact MANAGERADMIN can set a very high value for minimumRedeemAmount which will ensure that all attempt to redeem amount simply fails Proof of Concept 1. User A wants to redeem amount 100000 using the requestRedemption function 2. Before User A can do so,...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/17 12:0 a.m.7 views

Loss of user funds when completing CASH redemptions

Lines of code Vulnerability details The function completeRedemptions present in the CashManager contract is used by the manager to complete redemptions requested by users and also to process refunds. function completeRedemptions address calldata redeemers, address calldata refundees, uint256...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/17 12:0 a.m.6 views

Attacker can spam mint and redeem to DOS others if mintFee = 0

Lines of code Vulnerability details Impact This issue is more about the design of CashManager. In CashManager contract, each epoch has a limit for total mint and redeem amount. Attacker can abused this limit, spam minting, redeeming and repeat to DOS other users. In addition, mintFee is initializ...

6.7AI score
Exploits0
Rows per page
Query Builder