117 matches found
Withdrawing ETH collateral with max uint256 amount value reverts transaction
Lines of code Vulnerability details Impact Withdrawing ETH collateral via the withdrawCollateral function using typeuint256.max for the amount parameter reverts the transaction due to asset being the zero-address and IERC20Detailedasset.decimals not working for native ETH. Proof of Concept...
PermissionlessBasicPoolFactory.sol Does Not Support Reward Tokens With Decimals Other Than 18
Lines of code Vulnerability details Impact The PermissionlessBasicPoolFactory.sol contract allows anyone to add staking pools which users can participate in to earn reward tokens. Pools are segregated to ensure malicious pools cannot siphon tokens from honest pools. Upon the addition of a new poo...
Tokens having more than 18 decimals are not supported
Originally submitted by warden pauliax in 173, duplicate of 49. Tokens having more than 18 decimals are not supported, the calculation will revert here: function decimalMultiplieraddress token internal view returns uint256 return 1018 - IERC20Fulltoken.decimals; --- The text was updated...
PermissionlessBasicPoolFactory use hard coded decimals of 18
Lines of code Vulnerability details Once reward/deposit tokens decimals differ from 18 the calculations with a hard coded 1e18 will become grossly incorrect. This will lead either to receiving no rewards: say deposit is USDC with decimals of 6, being divided by 1e18 it adds 1e-12 to the rewards...
PermissionlessBasicPoolFactory.sol Does Not Support Reward Tokens With Decimals Other Than 18
Lines of code Vulnerability details Impact The PermissionlessBasicPoolFactory.sol contract allows anyone to add staking pools which users can participate in to earn reward tokens. Pools are segregated to ensure malicious pools cannot siphon tokens from honest pools. Upon the addition of a new poo...
Reliance on ERC20Upgradable.decimals() will always return 18 despite actual token decimals
Lines of code Vulnerability details Impact A call to ERC20UpgradeabletokenIn.decimals is used in the getAmountOut function of KnightingRound.sol to determine how much citadel to provide to the user for the given amount of tokenIn. The issue with using ERC20Upgradeable.decimals is that it always...
Economic calculation may not be precise enough
Lines of code Vulnerability details In Funding.sol, the assetDecimalsNormalizationValue is set to 10 asset.decimals, later it is used to determine home many token units there are per one asset token in human representation. Firstly, this may be highly dangerous as .decimals return value isn't sai...
Wrong calculation for yVault price per share if decimals != 18
Lines of code Vulnerability details The yVault.getPricePerFullShare function calculates the price per share by multiplying with 1e18 token decimals with the assumption that the underlying token always has 18 decimals. yVault has the same amount of decimals as it's underlying token see...
New YVault depositors can be attacked by depressing share decimals
Lines of code Vulnerability details Impact An attacker can become the first depositor for a recently created YVault contract, providing a tiny amount of token by calling deposit1 raw values here, 1 is 1 wei, 1e18 is 1 token if it is 18 decimals. Then the attacker can directly transfer, for exampl...
NonCustodialPSM's _getMintAmountOut and _getRedeemAmountOut don't account for underlyingToken decimals
Lines of code Vulnerability details Impact getMintAmountOut and getRedeemAmountOut are used to convert stablecoin amount to VOLT amount and back with the help of Oracle feed price. As stablecoin decimals differ both functions that do not scale the results accordingly will become grossly incorrect...
Reward calculations can be rendered to zero due to the lack of precision
Lines of code Vulnerability details Impact On a combination of high enough token value and low enough decimals there can be not enough precision to store reward amount, which can be permanently hid from a user as a result. I.e. on such a combination there will effectively be no rewards for some...
Reward and base token decimals difference isn't accounted for in LiquidityFarming
Lines of code Vulnerability details Impact Reward and base token decimals can differ, while this difference isn't accounted for in the reward amount calculations, which will lead to either missing rewards or sending the whole rewards balance to the first eligible user. For example: If reward is...
Wrong token allocation computation for token decimals != 18 if floor price not reached
Handle cmichel Vulnerability details In LaunchEvent.createPair, when the floor price is not reached floorPrice wavaxReserve 1e18 / tokenAllocated, the tokens to be sent to the pool are lowered to match the raised WAVAX at the floor price. Note that the floorPrice is supposed to have a precision o...
CVE-2022-22293
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter...
UBUNTU-CVE-2022-22293
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter...
PT-2022-15338 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 7.0.2 Description: The issue allows HTML injection, as demonstrated by the MAIN MAX DECIMALS TOT parameter in the "admin/limits.php" endpoint. Recommendations: For Dolibarr version 7.0.2, consider restricting access to the...
Yearn token <> shares conversion decimal issue
Handle cmichel Vulnerability details The yearn strategy YearnYield converts shares to tokens by doing pricePerFullShare shares / 1e18: function getTokensForSharesuint256 shares, address asset public view override returns uint256 amount if shares == 0 return 0; // @audit should divided by...
Non compatile with all tokens
Handle 0x1f8b Vulnerability details Impact It could not work with all tokens. Proof of Concept The method fromTokenAmount inside the contract Token18 can't work with tokens with 0 decimals, the result of UFixed18Lib.ratio will throw and error because it will divide by zero. It's mandatory to chec...
Wrong decimals returned by maltMarketPrice()
Handle gzeon Vulnerability details Impact maltMarketPrice in UniswapHandle return incorrect decimals of price when rewardDecimals maltDecimals else if rewardDecimals maltDecimals uint256 diff = maltDecimals - rewardDecimals; price = rewardReserves.mul10diff.mul10rewardDecimals.divmaltReserves;...
UniswapHandler.maltMarketPrice returns wrong decimals
Handle cmichel Vulnerability details The UniswapHandler.maltMarketPrice function returns a tuple of the price and the decimals of the price. However, the returned decimals do not match the computed price for the else if rewardDecimals maltDecimals branch: else if rewardDecimals maltDecimals uint2...