Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2023/10/25 12:0 a.m.21 views

[ADRIRO-NEW-H-02] Users loses their share of rewards while waiting for withdrawal

Lines of code Vulnerability details Summary Withdrawals in AfEth undergo a delay until the underlying CVX tokens can be withdrawn. Depositors need to request a withdrawal and wait until the required withdrawal epoch before making their withdrawal effective. During this period of time, they will...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.6 views

VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process

Lines of code Vulnerability details Summary Withdrawals in VotiumStrategy are executed in queue since CVX tokens are potentially locked in Convex. However, the implementation fails to consider the case where unlocked assets are already enough to cover the withdrawal, leading to different issues...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.11 views

Missing slippage control when directly interacting with the VotiumStrategy contract

Lines of code Vulnerability details Summary Direct deposits and withdrawals within VotiumStrategy lack any slippage controls, which opens up the possibility of sandwich attacks and Miner Extractable Value MEV exploits. Impact Interactions in the AfEth protocol often require the exchange of ETH fo...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/05/24 12:0 a.m.6 views

AuraClaimZap may transfer CVX tokens to itself which become locked in the contract

Lines of code Vulnerability details Impact During AuraClaimZap.claimExtras if the option LockCvx is set to false then the contract will transfer CVX tokens from the msg.sender to this contract without forwarding them on to the user. There is no way to retrieve these funds from the protocol and...

6.7AI score
Exploits0
Rows per page
Query Builder