Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2023/09/27 12:0 a.m.15 views

Missing circuit breaker checks in ethPerCvx() for Chainlink's price feed

Lines of code Vulnerability details Bug Description The ethPerCvx function relies on a Chainlink oracle to fetch the CVX / ETH price: VotiumStrategyCore.solL158-L169 try chainlinkCvxEthFeed.latestRoundData returns uint80 roundId, int256 answer, uint256 / startedAt /, uint256 updatedAt, uint80 /...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.11 views

Users can deposit() even when Chainlink's price feed for CVX is stale

Lines of code Vulnerability details Bug Description In VotiumStrategy.sol, the price of vAfEth is determined by the price function: VotiumStrategy.solL31-L33 function price external view override returns uint256 return cvxPerVotium ethPerCvxfalse / 1e18; As seen from above, it calls ethPerCVX wit...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/26 12:0 a.m.10 views

Potential rewards stealing by manipulating CVX/ETH pool

Lines of code Vulnerability details Vulnerability Details Upon claiming Votium rewards, applyRewards is intended to be invoked in order to exchange the tokens for eth and put the eth received back into the strategies. Based on the current ratio it either stakes the amount into safETH or obtains...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/09/26 12:0 a.m.13 views

It might not be possible to applyRewards(), if an amount received is less than 0.05 eth

Lines of code Vulnerability details Vulnerability Details Upon claiming Votium rewards, applyRewards is intended to be invoked bi-weekly in order to exchange the tokens for eth and put the eth received back into the strategies. Based on the current ratio it either stakes the amount into safETH or...

6.8AI score
Exploits0
Rows per page
Query Builder