4 matches found
Rewards are not accounted for properly in NTokenApeStaking contracts, limiting user's collateral.
Lines of code Vulnerability details Description ApeStakingLogic.sol implements the logic for staking ape coins through the NTokenApeStaking NFT. getTokenIdStakingAmount is an important function which returns the entire stake amount mapping for a specific BAYC / MAYC NFT. function...
Collateral limit can be bypassed in auction
Lines of code Vulnerability details Collateral limit could be bypassed, allowing more collateral to be auctioned concurrently than intended by governance. // There is a limit on how much collateral can be concurrently put at auction, but it is a soft limit. // If the limit has been surpassed, no...
Concurrently auctioned collateral limit can be gamed
Lines of code Vulnerability details Proof of concept: Let’s say for collateral USDT we put a limit that maximum concurrent auctioned collateral can be 100,000 USDT. Now if there are two big vaults, one is 9,999 USDT and other is 100,000 USDT and they are both undercollateralized, now if someone...
Collateral limit can be exceeded on a new auction
Lines of code Vulnerability details Witch's auction checks the total collateral limit before updating the structure with the current auction's data. This way this limit end up not being respected in result of auction call and can be actually breached for an arbitrary big amount as auction.ink tha...