18 matches found
Lack of Slippage Protection in CurveTricryptoAdapter::primitiveOutputAmount and Curve2PoolAdapter::primitiveOutputAmount
Lines of code Vulnerability details Impact Due to the lack of slippage protection in the CurveTricryptoAdapter::primitiveOutputAmountand Curve2PoolAdapter::primitiveOutputAmount, user deposits and withdrawals are vulnerable to being sandwich attacked. Proof of Concept...
Missing Reentry Protection in 'emergencyWithdraw' function
Lines of code Vulnerability details Ensure that all state changes in emergencyWithdraw are done before the external call to prevent reentrancy attacks. The function is vulnerable to reentrancy attacks due to the use of .callvalue: balance"". This can be mitigated by adding a reentrancy guard.- Po...
In batchRefund, adding a check for sufficient balance before attempting refunds could prevent potential failures.
Lines of code Vulnerability details M2 - In batchRefund, adding a check for sufficient balance before attempting refunds could prevent potential failures. poc: solidity function batchRefund external returns requireaddressthis.balance = totalRefundAmount, "Insufficient balance for refunds"; Assess...
Unchecked Minting
Lines of code Vulnerability details Impact There is a possibility, an attacker can force minting of tokens to self or any other diluting the token value and stealing funds in the process Proof of Concept Here is a step-by-step process The attacker calls the transferFrom function with msg.data...
doesn't handle when value of reservePool returned is nil
Lines of code Vulnerability details Impact inputReserve and outputReserve is gotten from the reservePool return However reservePool could be nil and since not handled or checked it results to inaccurate inputReserve and outputReserve Proof of Concept inputReserve and outputReserve are gotten usin...
Users may lose rewards
Lines of code Vulnerability details Impact In RewardsManager.sol we have claimRewards function: function claimRewards uint256 tokenId, uint256 epochToClaim external override StakeInfo storage stakeInfo = stakestokenId; if msg.sender != stakeInfo.owner revert...
Skipping indices of malicious strategies does not work
Lines of code Vulnerability details Impact In src/contracts/core/StrategyManager.solL536 parameter indicesToSkip per documentation: """exists so that, e.g., if the slashed QueuedWithdrawal contains a malicious strategy in the strategies array which always reverts on calls to its 'withdraw'...
Wrong first parameter for _calcRewardsEnd when changing reward speed
Lines of code Vulnerability details Impact The function calcRewardsEnd is called with the previousEndTime as first parameter in MultiRewardStaking.changeRewardSpeed, which leads to wrong calculation of the new rewardsEndTimestamp, causing it to be later than it should be. This will lead to more...
The LendgineRouter.burn() will always REVERT due to the callback function forgot to send the due token0 back.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The LendgineRouter.burn will always REVERT due to the callback function forgot to send the due token0 back. The callback function pairMintCallback is supposed to send back amount0 amount of token0 back ...
Anyone Can Collect The Transaction Fees
Lines of code Vulnerability details Impact collectTransactionFees is a function that should be only calles by the liquidity providers , but the the flow of the function no restriction , lets anyone collect the fees. Proof of Concept 1. Alice decides to collect the fees of pool A for example 2...
Upgraded Q -> M from #72 [1674644492627]
Judge has assessed an item in Issue 72 as M risk. The relevant finding follows: Low-03 NTokenMoonBirds may not be able to receive airdrops Impact For most NToken, some airdrops that are actively minted to the holder's address can be withdrawn and later distributed by the PoolAdmin calling the...
Forgetting to delete approval can help attacker mint any legendary gobbler with 0 cost of standard gobblers
Lines of code Vulnerability details 2022-09-artgobblers Forgetting to delete approval can help attacker mint any legendary gobbler with 0 cost of standard gobblers. tags: c4, 2022-09-artgobblers, high Affected code Impact When mint new lengendary gobbler, an amount of standard gobblers cost must ...
Use SAFETRANSFERFROM() instead of TRANSFERFROM() for ERC721 TRANSFERS
Lines of code Vulnerability details Impact In NameWrapper.sol the wrapETH2LD and unwrapETH2LD functions call transferFrom on a ERC721 token. This does not ensure that the token is not sent to an address that is not able to properly support it which could result in the loss of the token. This is...
BurnToTarget can be exploited to receive more LP tokens
Lines of code Vulnerability details Issue: depositInPool uses addressthis.balance Consequences: exploiter will get more lp tokens File: FeeBurner.sol 81: // Depositing target underlying into target pool 82: uint256 targetLpTokenBalance = depositInPooltargetUnderlying, targetPool; 83: 84: //...
Excess ETH is not returned to sender
Lines of code Vulnerability details Impact In passThruGate function, msg.value is checked to be greater than the required cost, but the excess amount is not returned to the sender. Proof of Concept function passThruGateuint index, address override external payable Gate memory gate = gatesindex;...
[WP-H0] When transferring tokens not in whitelist on Ethereum to Terra with CrossAnchorBridge.depositStable(), the funds may get frozen
Lines of code Vulnerability details In the current implementation of CrossAnchorBridge, all require that "Check that token is a whitelisted token" is commented out. As a result, users may send transcations with the non-whitelisted tokens and as they can not be processd properly on the Terra side,...
[WP-H2] money-market-contracts/contracts/market claim_rewards may revert due to spend_limit set on distributor
Lines of code Vulnerability details While claimrewards from the money-market, it calls the distributorcontractspend to send the rewards. let messages: Vec = if !claimamount.iszero vec!CosmosMsg::WasmWasmMsg::Execute contractaddr: deps .api .addrhumanize&config.distributorcontract? .tostring, fund...
Wrong calculation of FrozenCoinAge
Handle WatchPug Vulnerability details The current implementation of Comptroller.soladdFrozenCoinAge and UserManager.solgetFrozenCoinAge, the duration of overdue time is calculated based on the block number of lastRepay and the current block number. However, since the borrower may have never repai...