Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/12/09 12:0 a.m.11 views

Rewards are not accounted for properly in NTokenApeStaking contracts, limiting user's collateral.

Lines of code Vulnerability details Description ApeStakingLogic.sol implements the logic for staking ape coins through the NTokenApeStaking NFT. getTokenIdStakingAmount is an important function which returns the entire stake amount mapping for a specific BAYC / MAYC NFT. function...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/17 12:0 a.m.13 views

Collateral limit can be bypassed in auction

Lines of code Vulnerability details Collateral limit could be bypassed, allowing more collateral to be auctioned concurrently than intended by governance. // There is a limit on how much collateral can be concurrently put at auction, but it is a soft limit. // If the limit has been surpassed, no...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/16 12:0 a.m.9 views

Concurrently auctioned collateral limit can be gamed

Lines of code Vulnerability details Proof of concept: Let’s say for collateral USDT we put a limit that maximum concurrent auctioned collateral can be 100,000 USDT. Now if there are two big vaults, one is 9,999 USDT and other is 100,000 USDT and they are both undercollateralized, now if someone...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/15 12:0 a.m.9 views

Collateral limit can be exceeded on a new auction

Lines of code Vulnerability details Witch's auction checks the total collateral limit before updating the structure with the current auction's data. This way this limit end up not being respected in result of auction call and can be actually breached for an arbitrary big amount as auction.ink tha...

6.9AI score
Exploits0
Rows per page
Query Builder