Lucene search
K

9 matches found

Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

LiquidityMining.sol cannot be funded for rewards distribution.

Lines of code Vulnerability details During a rewards claim LiquidityMining.sol uses a low-level call with the msg.value as the rewardsToSend to the liquidity providers, but the contract lacks a receive or fallback function for funds be deposited in it, leaving the contract empty and unable to sen...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/30 12:0 a.m.17 views

withdrawFee() can be called multiple times by any user when quest has ended making it possible to drain contract and leave users unable to claim rewards

Lines of code Vulnerability details Impact The withdrawFee function in the Erc20Quest contract can be called multiple times. The modifier onlyAdminWithdrawAfterEnd is applied to the function which only makes it possible to call it after the end time of a quest. It should be noted that any user is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.17 views

Some of user funds stuck in contract because of division rounding error in beforeWithdraw()

Lines of code Vulnerability details Impact Function beforeWithdraw has been used in withdraw of Vault contract to calculates withdraw amount of users but because of division rounding error in this funds some user's funds would stuck in contract. Proof of Concept This is beforeWithdraw code:...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.9 views

JBPayoutRedemptionPaymentTerminal#processFees may run out of gas and revert due to long list of _heldFeesOf[_projectId]

Lines of code Vulnerability details Proof of Concept // Get a reference to the project's held fees. JBFee memory heldFees = heldFeesOfprojectId; // Delete the held fees. delete heldFeesOfprojectId; // Push array length in stack uint256 heldFeeLength = heldFees.length; // Process each fee. for...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/03/30 12:0 a.m.15 views

[WP-H6] Swapper can be used to steal all the funds from the contract

Lines of code Vulnerability details function swapTokensGenericLiFiData memory lifiData, LibSwap.SwapData calldata swapData public payable uint256 receivingAssetIdBalance = LibAsset.getOwnBalancelifiData.receivingAssetId; // Swap executeSwapslifiData, swapData; uint256 postSwapBalance =...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/29 12:0 a.m.7 views

OpenLevV1 runs price update for UniV2Class DEXes only

Handle hyh Vulnerability details Impact If the price currently recorded by the system is outdated, the marginTrade and liquidate functions will use a stale price if being run with V3 dexData, which is what system allows. A malicious user can act on a stale price observation, using trade opening a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/26 12:0 a.m.10 views

Denial-of-service condition: emergency shutdown after pair creation loses contract funds

Handle static Vulnerability details Impact If the owner of the contract set specifically the Factory owner, executes allowEmergencyWithdraw after the pair is created, then the withdraw functions including the emergencyWithdraw will not function and the funds including the liquidity tokens, will b...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/12 12:0 a.m.6 views

After a promotion is cancelled, not claimed rewards are stuck

Handle 0x0x0x Vulnerability details After a promotion is cancelled using cancelPromotion, not awarded rewards for remaining epochs are sent to an address given by promotion creator. Awarded rewards not claimed by users stay in the contract. Since the promotion is deleted from promotions, users...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/12 12:0 a.m.7 views

TwabRewards: cancelPromotion() can revert if a promotion tokens applies fee on transfer

Handle GiveMeTestEther Vulnerability details Impact If the promotion token applies transfer fees, the total amount the contract holds will be less than "tokensPerEpoch numberOfEpochs" bcs a part of this amount is the fee = funds + fee, but only the "funds" can be withdrawn. If after each epoch al...

7AI score
Exploits0
Rows per page
Query Builder