Distribute is open to rewards manipulation

Lines of code Vulnerability details Impact The distribute function is prone to manipulation by the first depositor if the totalShares is low, since the result of transferFrom in distribute is not checked. This can happen if a malicious user calls createLock whereby shares = 1 then calls distribut...

Wrong calculation of MONTH_IN_SECONDS

Lines of code Vulnerability details Wrong calculation of MONTHINSECONDS : line 33 on VRFNFTRandomDraw.sol is calculating 30 weeks of 7 days instead of 30 days. 30 weeks of 7 days = 3600 24 7 30. 30 days = 3600 24 30. so and wont work properly --- The text was updated successfully, but these error...

Upgraded Q -> M from #75 [1668466949988]

Judge has assessed an item in Issue 75 as M risk. The relevant finding follows: Line 237, beforeTokenTransferaddress0, account, id, amount; should be beforeTokenTransferaccount, address0, id, amount; --- The text was updated successfully, but these errors were encountered: All reactions...

Wrong bidIndex calculation

Lines of code Vulnerability details Impact Return wrong bidIndex Proof of Concept SizeSealed.sol Tools Used Manual Recommended Mitigation Steps uint256 bidIndex = a.bids.length - 1 ; --- The text was updated successfully, but these errors were encountered: 👎 1 trust1995 reacted with thumbs down...

Votes can be reused

Lines of code Vulnerability details Impact A user can repeatedly call pledge for many Pledges and earn all the different rewards from pledge owners since the votes are not locked up / voting power is not locked up. Proof of Concept User delegates to a Pledge by calling pledge and repeating the...

ArtGobblers.mintLegendaryGobbler() doesn't delete getApproved[id] for burned tokens.

Lines of code Vulnerability details Impact When a gobbler is burned for a legendary gobbler, both owner and getApproved should be deleted. But getApproved isn't deleted now so users can revive the gobbler again. Proof of Concept Users can set getApprovedid for the owned NFTs. File:...

_claim function vulnerable to cross-chain-replay attacks

Lines of code Vulnerability details If there's a fork, since anyone can call claim, an attacker can monitor the blockchain for calls to claim, and then make the same call with the same arguments on the other chain. Proof of Concept There are no EIP-712 protections in the encoding: bytes32 leafHas...

Contract TribeRedeemer: function previewRedeem() might unable to be called forever because of devide by 0

Lines of code Vulnerability details 2022-09-tribe Contract TribeRedeemer: function previewRedeem might unable to be called forever because of devide by 0 tags: c4, 2022-09-tribe, medium Affected code Impact After redemptions, redeemBase can be 0. Then function previewRedeem always revert when be...

Invalid payout is accepted

Lines of code Vulnerability details Impact In callback function, getMarketInfoForPurchase also returns maxPayout as last argument. This is not compared against outputAmount which means if market asks for higher outputAmount then the contract will simply pay Similar instance Also check the...

In Community.sol, the interest calculation formula is not correct.

Lines of code Vulnerability details Impact Currently, it calculates interest using the number of days and builders would pay nearly half or less interest than they should. So lenders wouldn't get the interest as expected and it means builders can steal the interest from lenders. Proof of Concept ...

pendingLockAtEpochOf will revert

Lines of code Vulnerability details Impact The line for uint256 i = locks.length - 1; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function pendingLockAtEpochOfuint256 epoch, address user external view returns uint256 amount...

Steal user's first deposit

Lines of code Vulnerability details Impact Steal user's first deposit Proof of Concept The attack's flow is as following: 1. The first depositor wants to deposit X in bathToken.sol. 2. We detect it and frontrun 2 operations: 1. We deposit 1 of the underlying to the system. In exchange we receive ...

At LidoVault.sol, _withdrawFromYieldPool()function, ETH transfer return value is not checked

Lines of code Vulnerability details Impact At withdrawFromYieldPool ETH transfer return value is not checked as the return statement at line 141 breaks the return value checking. Proof of Concept function withdrawFromYieldPool address asset, uint256 amount, address to internal override returns...

No cap on fee parameters

143 comment Warden: gzeon Consider adding caps to fee parameters to reduce rug risk --- The text was updated successfully, but these errors were encountered: All reactions...

Forget to remove account out of _roleMembers[role]

Originally submitted by warden TrungOre in 89, duplicate of 164. For get to remove account out of roleMembersrole --- The text was updated successfully, but these errors were encountered: All reactions...

Cast to uint192 is unsafe

Judge @GalloDaSballo has assessed the 3rd item in QA Report 197 as Medium risk. The relevant finding follows: … Cast to uint192 is unsafe, user trying to deposit more than 2^192 would recevie less deposits balance. depositspidmsg.sender.amount += uint192amount; --- The text was updated...

DDOS - robee

Duplicate of 119 --- The text was updated successfully, but these errors were encountered: All reactions...

The store method allows you to store the same token twice

This issue has been created to upgrade a QA report submission to a medium severity finding. From 0x1f8b: The store method allows you to store the same token twice in NestedRecords.solL130 To do this you must first call storenftId,tokenA,0,reserve and then storenftId,tokenA,100000,reserve because ...

TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value

Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...

Reserve does not properly apply prices of VADER and USDV tokens

Handle TomFrenchBlockchain Vulnerability details Impact Reserve pays out vastly higher or lower IL protection than it should Proof of Concept Consider the lines 98 and 102 as shown on the link below: Here we multiply the IL experienced by the LP by a price for USDV or VADER as returned by the LBT...