Lucene search
+L

5 matches found

Code423n4
Code423n4
added 2021/12/16 12:0 a.m.7 views

_safeJoeTransfer doesn't refund users JOE incase of rounding error

Handle jayjonah8 Vulnerability details Impact In WJLP.sol a user can call the claimReward function to claim the JOE rewards they are owed. This eventually calls the safeJoeTransfer function which will check if the amount to send is greater than the joeBal of the contract. If the amount is greater...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/07 12:0 a.m.14 views

Reward token not correctly recovered

Handle cmichel Vulnerability details The Streaming contract allows recovering the reward token by calling recoverTokensrewardToken, recipient. However, the excess amount is computed incorrectly as ERC20token.balanceOfaddressthis - rewardTokenAmount + rewardTokenFeeAmount: function...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.10 views

ConcentratedLiquidityPoolManager uses wrong index for incentive

Handle cmichel Vulnerability details The ConcentratedLiquidityPoolManager uses the positionId as an index for incentivespoolpositionId when it should be incentiveId instead: // @audit should be Incentive memory incentive = incentivespoolincentiveId; Incentive memory incentive =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.16 views

ConcentratedLiquidityPoolManager.sol#claimReward() and reclaimIncentive() will fail when incentive.token is token0 or token1

Handle WatchPug Vulnerability details In ConcentratedLiquidityPosition.collect, balances of token0 and token1 in bento will be used to pay the fees. uint256 balance0 = bento.balanceOftoken0, addressthis; uint256 balance1 = bento.balanceOftoken1, addressthis; if balance0 newBalance0 token0amount =...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.11 views

Wrong reward calculation

Handle 0xsanson Vulnerability details Impact In ConcentratedLiquidityPoolManager, an user can claimReward of a subscribed position. In order to compute the correct amount, secondsUnclaimed needs to be calculated, but it's implemented incorrectly: uint256 secondsUnclaimed = maxTime -...

6.9AI score
Exploits0
Rows per page
Query Builder