5 matches found
A user can make sybil attack for manipulate gaugeController dao
Lines of code Vulnerability details Impact When voteforgaugeweights used contract just take info of users slope of exact time. And there is no extra check mechanism in protocol for control is user's delegate amount so slope too until user use voteforgaugeweights. So a user can use...
Reverts when a User claims Voting Power of address(0) where there exists some for address(0)
Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address0 to be able to accumulate VotingPower. Now when there is a some Voting Power for address0, any user can delegate themselves for address0 and claim...
faulty users can abuse the function delegate in NFTBoostVault.sol
Lines of code Vulnerability details Impact The contract NFTBoostVault.sol lets users to register their tokens/optional NFT's in exchange of voting power. in this contract its mandatory for users to be registered in order to lock their tokens and claim voting power, as its mentioned in the code...
User can delegate to address(0) in ARCDVestingVault thereby increasing address(0) VotingPower
Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address0 to be able to accumulate VotingPower. Proof of Concept 1. In ARCDVestingVault.delegate, Alice calls the function with voting Power 100e18 and...
Able to delegate multiple times with the same tokenId
Lines of code Vulnerability details The delegate function in VoteEscrowDelegation.sol is used to delegate voting power from one tokenId to another. The tokenId is added to the toTokenId's delegatedTokenIds array which contains all tokenIds that have delegated to the toTokenId. The amount of votes...