Lucene search
K

18 matches found

Code423n4
Code423n4
added 2023/12/08 12:0 a.m.10 views

Lack of Slippage Protection in CurveTricryptoAdapter::primitiveOutputAmount and Curve2PoolAdapter::primitiveOutputAmount

Lines of code Vulnerability details Impact Due to the lack of slippage protection in the CurveTricryptoAdapter::primitiveOutputAmountand Curve2PoolAdapter::primitiveOutputAmount, user deposits and withdrawals are vulnerable to being sandwich attacked. Proof of Concept...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.6 views

Missing Reentry Protection in 'emergencyWithdraw' function

Lines of code Vulnerability details Ensure that all state changes in emergencyWithdraw are done before the external call to prevent reentrancy attacks. The function is vulnerable to reentrancy attacks due to the use of .callvalue: balance"". This can be mitigated by adding a reentrancy guard.- Po...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.8 views

In batchRefund, adding a check for sufficient balance before attempting refunds could prevent potential failures.

Lines of code Vulnerability details M2 - In batchRefund, adding a check for sufficient balance before attempting refunds could prevent potential failures. poc: solidity function batchRefund external returns requireaddressthis.balance = totalRefundAmount, "Insufficient balance for refunds"; Assess...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.9 views

Unchecked Minting

Lines of code Vulnerability details Impact There is a possibility, an attacker can force minting of tokens to self or any other diluting the token value and stealing funds in the process Proof of Concept Here is a step-by-step process The attacker calls the transferFrom function with msg.data...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/22 12:0 a.m.16 views

doesn't handle when value of reservePool returned is nil

Lines of code Vulnerability details Impact inputReserve and outputReserve is gotten from the reservePool return However reservePool could be nil and since not handled or checked it results to inaccurate inputReserve and outputReserve Proof of Concept inputReserve and outputReserve are gotten usin...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/11 12:0 a.m.16 views

Users may lose rewards

Lines of code Vulnerability details Impact In RewardsManager.sol we have claimRewards function: function claimRewards uint256 tokenId, uint256 epochToClaim external override StakeInfo storage stakeInfo = stakestokenId; if msg.sender != stakeInfo.owner revert...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.8 views

Skipping indices of malicious strategies does not work

Lines of code Vulnerability details Impact In src/contracts/core/StrategyManager.solL536 parameter indicesToSkip per documentation: """exists so that, e.g., if the slashed QueuedWithdrawal contains a malicious strategy in the strategies array which always reverts on calls to its 'withdraw'...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/07 12:0 a.m.10 views

Wrong first parameter for _calcRewardsEnd when changing reward speed

Lines of code Vulnerability details Impact The function calcRewardsEnd is called with the previousEndTime as first parameter in MultiRewardStaking.changeRewardSpeed, which leads to wrong calculation of the new rewardsEndTimestamp, causing it to be later than it should be. This will lead to more...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.14 views

The LendgineRouter.burn() will always REVERT due to the callback function forgot to send the due token0 back.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The LendgineRouter.burn will always REVERT due to the callback function forgot to send the due token0 back. The callback function pairMintCallback is supposed to send back amount0 amount of token0 back ...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/27 12:0 a.m.6 views

Anyone Can Collect The Transaction Fees

Lines of code Vulnerability details Impact collectTransactionFees is a function that should be only calles by the liquidity providers , but the the flow of the function no restriction , lets anyone collect the fees. Proof of Concept 1. Alice decides to collect the fees of pool A for example 2...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/25 12:0 a.m.10 views

Upgraded Q -> M from #72 [1674644492627]

Judge has assessed an item in Issue 72 as M risk. The relevant finding follows: Low-03 NTokenMoonBirds may not be able to receive airdrops Impact For most NToken, some airdrops that are actively minted to the holder's address can be withdrawn and later distributed by the PoolAdmin calling the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/27 12:0 a.m.7 views

Forgetting to delete approval can help attacker mint any legendary gobbler with 0 cost of standard gobblers

Lines of code Vulnerability details 2022-09-artgobblers Forgetting to delete approval can help attacker mint any legendary gobbler with 0 cost of standard gobblers. tags: c4, 2022-09-artgobblers, high Affected code Impact When mint new lengendary gobbler, an amount of standard gobblers cost must ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.18 views

Use SAFETRANSFERFROM() instead of TRANSFERFROM() for ERC721 TRANSFERS

Lines of code Vulnerability details Impact In NameWrapper.sol the wrapETH2LD and unwrapETH2LD functions call transferFrom on a ERC721 token. This does not ensure that the token is not sent to an address that is not able to properly support it which could result in the loss of the token. This is...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.11 views

BurnToTarget can be exploited to receive more LP tokens

Lines of code Vulnerability details Issue: depositInPool uses addressthis.balance Consequences: exploiter will get more lp tokens File: FeeBurner.sol 81: // Depositing target underlying into target pool 82: uint256 targetLpTokenBalance = depositInPooltargetUnderlying, targetPool; 83: 84: //...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.10 views

Excess ETH is not returned to sender

Lines of code Vulnerability details Impact In passThruGate function, msg.value is checked to be greater than the required cost, but the excess amount is not returned to the sender. Proof of Concept function passThruGateuint index, address override external payable Gate memory gate = gatesindex;...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.20 views

[WP-H0] When transferring tokens not in whitelist on Ethereum to Terra with CrossAnchorBridge.depositStable(), the funds may get frozen

Lines of code Vulnerability details In the current implementation of CrossAnchorBridge, all require that "Check that token is a whitelisted token" is commented out. As a result, users may send transcations with the non-whitelisted tokens and as they can not be processd properly on the Terra side,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.7 views

[WP-H2] money-market-contracts/contracts/market claim_rewards may revert due to spend_limit set on distributor

Lines of code Vulnerability details While claimrewards from the money-market, it calls the distributorcontractspend to send the rewards. let messages: Vec = if !claimamount.iszero vec!CosmosMsg::WasmWasmMsg::Execute contractaddr: deps .api .addrhumanize&config.distributorcontract? .tostring, fund...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/20 12:0 a.m.9 views

Wrong calculation of FrozenCoinAge

Handle WatchPug Vulnerability details The current implementation of Comptroller.soladdFrozenCoinAge and UserManager.solgetFrozenCoinAge, the duration of overdue time is calculated based on the block number of lastRepay and the current block number. However, since the borrower may have never repai...

6.9AI score
Exploits0
Rows per page
Query Builder