41 matches found
Potential issue with Vault.depost function
Lines of code Vulnerability details Impact Contract Vault is a private vault which only allows the owner also the strategist to deposit. However, Vault.deposit uses an unnecessary complicated logic requires.allowListmsg.sender && receiver == owner; to allow only owner to deposit actually the...
Underlying assets stealing in token via share price manipulation
Lines of code Vulnerability details Impact asset can be stolen from depositors in the vault by manipulating the price of a share. Proof of Concept ERC4626 vaults are subject to a share price manipulation attack that allows an attacker to steal underlying tokens from other depositors this is a kno...
Upgraded Q -> M from #201 [1671458492331]
Judge has assessed an item in Issue 201 as M risk. The relevant finding follows: Deposit function is not compatible with deflationary token The actual deposited amount might be lower than the specified depositAmount of the function parameter. This would lead to wrong interest rate calculations on...
Users can get free collateral when using non-reverting on failure baseTokens
Lines of code Vulnerability details Impact A user calling Collateral's deposit function when baseToken is a non-reverting on failure ERC20 token, can get an arbitrary amount of collateral without actually depositing a single base token in the contract. function depositaddress recipient, uint256...
No Allowlist For Bridgeable ERC-20 Tokens
Lines of code Vulnerability details Vulnerability Details We noticed that the deposit function of the L1ERC20Bridge contract code snippet 1 permits a user to bridge any ERC-20 tokens including deflationary and rebase tokens from the L1 to the L2 network. We considered that permitting non-standard...
Possible reentrancy attack on deposit function
Lines of code Vulnerability details Impact In deposit function the shares was calculated before the asset.safeTransferFrom. One possible scenario is when the supply it's 0totalSupplyid == 0, the retrun of convertToShares it's assets, if the asset is an ERC777 a contract sender could call again th...
timewindow can be changed unexpectedly that blocks users from calling deposit function
Lines of code Vulnerability details Impact As shown by the following epochHasNotStarted modifier, which is used by the deposit function below, users can only deposit when block.timestamp modifier epochHa...
AxelarDepositService: When wrappedToken is not weth, sendNative may cause users to lose ether.
Lines of code Vulnerability details Impact In the sendNative function of the AxelarDepositService contract, the wrappedToken address is treated as weth-like and the wrappedToken's deposit function is called. If the wrappedToken address is TokenType.External token and is not weth-like and the...
Deposit of wrappedFCash does not follow EIP 4626
Lines of code Vulnerability details Impact The deposit of wfCashERC4626 is not 4626 compatible. wfCashERC4626.solL168-L175 According to EIP4626 MUST revert if all of assets cannot be deposited due to deposit limit being reached, slippage, the user not approving enough underlying tokens to the Vau...
Bad use of safeApprove
Lines of code Vulnerability details Impact Function deposit in booster could revert when stake option is true if the contract has an allowance of the token for rewarcontract 0. The same in many contracts but in VE3DRewardPool.sol a user can get his rewards blocked. Proof of Concept If the contrac...
Since calling _lockVeAsset() incentiveVeAsset is always set to 0
Lines of code%20external%20%7B,%7D,-function%20deposit Vulnerability details Impact The if statement of the deposit function will never add incentive tokens because you calling lockVeAsset which will always set incentiveVeAsset is set to 0. Proof of Concept%3B-,incentiveVeAsset%20%3D%200%3B,-%7D...
if user send uninitialized poolId to function deposit() of PermissionlessBasicPoolFactory, then attacker can cause user fund to be locked forever, and only unlock it if user pays ransom
Lines of code Vulnerability details Impact Function deposit of PermissionlessBasicPoolFactory supposed to revert if user send uninitialized poolId by mistake, but if user does this, attacker can perform front-running attack and create multiple pools with his smart contract and be owner of that...
One could get up to 20x more xCTDL tokens when deposit right after earn().
Lines of code Vulnerability details Impact When earn is called by authorized actors keeper or governance, 95% of the balance of CTDL token in the StakedCitadel contract will be transferred to strategy. Thus, the balance will be roughly only 5% of the totalSupply. At this juncture, if an attacker...
DoS attack the system and steal all the users' funds
Lines of code Vulnerability details Impact That exploit is possible because of the implementation of the deposit function of the SingleStrategyController contract. // Assumes approval to take amount has already been given by vault function deposituint256 amount external override onlyVault...
first depositor of the insurance fund can drain the other depositors
Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit to the insurance fund. she deposits 1 basic unit of vusd 10-6 dollar, therefore minting one...
ERC4626 does not work with fee-on-transfer tokens
Lines of code Vulnerability details Impact The docs/video say ERC4626.sol is in scope as its part of TurboSafe The ERC4626.deposit/mint functions do not work well with fee-on-transfer tokens as the amount variable is the pre-fee amount, including the fee, whereas the totalAssets do not include th...
Users’ staking rewards can get redeemed by other users
Lines of code Vulnerability details Can be medium or high: When a user deposits through ConvexStakingWrapper, the contract calls the MasterChef's deposit function and deposits to it with recipient = msg.sender, but the MasterChef actually updates the deposited amount of the ConvexStakingWrapper...
Missing reentrant check can be abused by increasing total share, before transfering underlying token
Handle Fitraldys Vulnerability details Impact When interacting with the vault contract, the user can call the deposit function, however this can be used to reenter this function because the deposit function will eventually call depositors.mint and in the mint function inside depositors will call...
Reentrancy vulnerability allows attacker to gain more shares than deserved
Handle harleythedog Vulnerability details Impact In Vault.sol, the deposit function is the external function that allows transferring underlying tokens to mint position NFTs. The deposit function first calls createDeposit which creates the position/determines how many shares to allocate, and then...
SynthVault rewards can be gamed
Handle cmichel Vulnerability details Vulnerability Details The SynthVault.deposit function adds weight for the user that depends on the spot value of the deposit synth amount in BASE. This spot price can be manipulated and the cost of manipulation is relative to the pool's liquidity. However, the...