5 matches found
Attacker can Grief The Call to depositAsset Making It Impossible For The Victim To Deposit
Lines of code Vulnerability details Impact The attacker can grief the victim , making him unable to deposit asset into the pool. Proof of Concept The attack flow is as follows - Alice decides to deposit assets into the LRTDepositPool.sol , she calls depositPool here At L152 the function makes the...
Max deposit limit on assets per deposit on strategy on EigenLayer
Lines of code Vulnerability details Impact Each strategy on EigenLayer has a maxPerDeposit it validates all individual deposits into the concerned strategy against. This is inclusive of the maxTotalDeposits against a strategy. These two upper limits are validated against deposits to the strategy,...
Borrower cannot change the maximum supply
Lines of code Vulnerability details Impact Maximum supply cannot be increased and by extension the max deposit limit too. Proof of Concept WildcatMarketConfig@setMaxTotalSupply is only callable by the WildcatMarketController but is not used anywhere there. WildcatMarketConfig.sol function...
Manager and DEFAULT_ADMIN_ROLE can create a scenario where user deposits more than he is permitted to withdraw
Lines of code Vulnerability details Impact manager and DEFAULTADMINROLE can update conflicting values as max deposit limit and max withdrawal limit, where maxDepositAmount is than maxWithdrawAmount. Users will be able to deposit more than they are permitted to withdraw. considering the extremes i...
Medium: Vaults can be griefed to not be able to be used for deposits
Lines of code Vulnerability details Description Interaction with SavETHVault and StakingFundsVault require a minimum amount of MINSTAKINGAMOUNT. In order to be used for staking, there needs to be 24 ETH or 4 ETH for the desired BLS public key in those vaults. The issue is that vaults can be grief...