18 matches found
Single Failure in claim() Reverts Entire Transaction
Lines of code Vulnerability details Impact When the claim function is called, it internally calls initializeMarkets(msg.sender), which then loops through the whole market and other functions involving the user passed as parameter; the problem is that if one single thing fails, everything will fail and...
Irrevocable token can be downgraded to be revocable
Lines of code Vulnerability details Impact Code Invariant "Irrevocable token cannot be downgraded to be revocable" can be broken, leading to loss of user accrued rewards. Proof of Concept In this message one of the contest sponsors says: "irrevocable token cannot be downgraded to be revocable" To...
Check for the reentrancy attack is missing in the claim function
Lines of code Vulnerability details Impact The function claim in LendingLedger.sol will send the native token $CANTO to the msg.sender by .call, which can be an EOA or a contract; because there are no RA checks, the caller can make a double call at the same time to get himself more token rewards th...
Failed transfer with low level call could be overlooked
Lines of code Vulnerability details Impact In LendingLedger.sol and votingEscrow.sol, a low level call is made using call. According to the Solidity docs, "The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as pa...
The claim function may underflow when it calculates claimEnd
Lines of code Vulnerability details Impact In the claim function there is a possibility of an underflow which leads the transaction to revert; the function may underflow in this line: uint256 claimEnd = Math.min(currEpoch - WEEK, claimUpToTimestamp), because currEpoch will return the current epoch...
Vulnerability: Setting the userClaimedEpoch to a wrong Epoch / Contract: LendingLedger / Function: claim
Lines of code Vulnerability details Impact The userClaimedEpoch is set to a different epoch week, more than the actual epoch of the claim. Proof of Concept In the function to claim the canto for a market, the claiming can only be made for a prior epoch and the function does it in that way, but...
CVE-2023-32346
Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether th...
Upgraded Q -> 2 from #615 [1675724239375]
Judge has assessed an item in Issue 615 as 2 risk. The relevant finding follows: Unbounded gas usage in claim function of Quest contract The claim function has an unbounded gas usage that traverses different arrays many times. The call to RabbitHoleReceipt.getOwnedTokenIdsOfQuest iterates all...
Upgraded Q -> 2 from #648 [1675725337760]
Judge has assessed an item in Issue 648 as 2 risk. The relevant finding follows: 2. Unbounded Array Vulnerability in Claim Function Summary: The claim function in the Quest contract has an unbounded array vulnerability that could lead to an Out-of-Gas (OOG) error and make the contract...
Upgraded Q -> 2 from #117 [1675572860639]
Judge has assessed an item in Issue 117 as 2 risk. The relevant finding follows: Description If a single address has a certain amount of RabbitHoleReceipt tokens (receipts) - according to tests 1050 - when he tries to call the claim function from Quest.sol, it will always revert with 'Transaction ran out o...
claim can run out of gas
Lines of code Vulnerability details Impact If the claim function runs out of gas, the caller can never claim any rewards without transferring the NFTs to another address first. Proof of Concept Currently, the claim function loops over msg.sender's NFTs. If this list ever becomes too large, the...
Fee loss in AutoPxGmx and AutoPxGlp and reward loss in AutoPxGlp by calling PirexRewards.claim(pxGmx/pxGlp, AutoPx*) directly, which transfers rewards to the AutoPx* pool without the compound logic getting executed, and the fee calculation logic and pxGmx wouldn't be executed for those rewards
Lines of code Vulnerability details Impact Function compound in the AutoPxGmx and AutoPxGlp contracts is for compounding pxGLP and additionally pxGMX rewards. It works by calling PirexGmx.claimpx, this to collect the rewards of the vault and then swap the received amount to calculate the reward,...
Incentive fund loss when calling claim() in AutoPxGlp/PxGmxRewards because it calls this.compound(,,true) which would transfer incentive to contract itself and those funds won't be calculated as rewards or fee and won't be accessible to withdraw
Lines of code Vulnerability details Impact Function claim in the PxGmxReward contract is used for claiming the available pxGMX rewards of a user, but this function calls IAutoPxGlp(address(this)).compound(1, 1, true); to harvest new rewards and stake them to compound rewards. But this call is an external call and...
A malicious user can claim and successfully steal a gobbler NFT token.
Lines of code Vulnerability details Impact A malicious user can claim and successfully steal a gobbler NFT token in the function claimGobbler. Proof of Concept The function claimGobbler is used by the mintlisted users to claim a gobbler using a merkle proof. However, there is no check to ensure...
Griefing on claim()
Lines of code Vulnerability details Issue: griefing can happen if coolDownPeriod is 0, due to the fact that you can stake for someone else; whenever a stake happens, the expiry variable increases with coolDownPeriod. This can be done either by watching the mempool and frontrunning a stake when someone...
Missing input validation in _claim function at RewardDistributor.sol
Lines of code Vulnerability details Description All the functions present in the contract were found to have input validation except the claim functions. The function at inputs the user's value and then is processed at and is lacking all forms of input validation. Impact Users can supply illegal...
Possible rug #2
Lines of code Vulnerability details Impact The finalize function can be called only by the owner. Thus, if an owner account is lost, unable to send a transaction, or controlled by a bad actor, the contract may not get finalized. Thus the claim function will never be able to succeed and funds will...
Owner never calls finalize() = rug pull
Lines of code Vulnerability details Impact In order for users to claim their promised tokenOut tokens, the contract owner must call the finalize function. If the owner never calls the finalize function, no user can call the claim function to get their tokens. The owner can call the sweep function...