Lucene search
K

6 matches found

Code423n4
Code423n4
added 2022/02/09 12:0 a.m.13 views

ConvexStakingWrapper deposits and withdraws will frequently be disabled if a token that doesn't allow zero value transfers will be added as a reward one

Lines of code Vulnerability details Impact If deposits and withdraws are done frequently enough, the reward update operation they invoke will deal mostly with the case when there is nothing to add yet, i.e. reward.remaining match the reward token balance. If reward token doesn't allow for zero...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.12 views

unsafe cast can lead to theft

Lines of code Vulnerability details in the first link I provided, a hacker can call withdraw with amount = 2196, the amount of shares that will be burned is uint1922192 == 0. if the system has enough money, the hacker can steal 2192 tokens and pay nothing. for the second link, a user that provide...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.6 views

ConvexStakingWrapper._calcRewardIntegral() Has An Accounting Error When Updating reward.remaining

Lines of code Vulnerability details Impact The ConvexStakingWrapper.sol implementation makes several modifications to the original design. One of the key changes is the way rewards are distributed to stakers. A new ConcurRewardPool.sol contract is used to store rewards, allowing users to claim...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.10 views

Same reward token in pools can break accounting

Lines of code Vulnerability details The ConvexStakingWrapper contract uses several reward pool tokens rewardspidindex.token and it can be that the same token is used for different pids. Indeed, the CVX/CRV tokens are always at index 0 and 1. The rewards will be distributed to the first pool id pi...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.9 views

Rewards distribution can be disrupted by a early user

Handle WatchPug Vulnerability details function calcRewardIntegral uint256 index, address2 memory accounts, uint2562 memory balances, uint256 supply, bool isClaim internal RewardType storage reward = rewardsindex; uint256 rewardIntegral = reward.rewardintegral; uint256 rewardRemaining =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.20 views

ConvexStakingWrapper does not update rewards state before transferring tokens

Handle kenzo Vulnerability details ConvexStakingWrapper saves data for reward calculation in dedicated variables for each user, such as reward.rewardintegralforaccount. These variables are not updated when transferring wrapped staked tokens. Please note that Convex's original ConvexStakingWrapper...

7AI score
Exploits0
Rows per page
Query Builder