9 matches found
First deposit can break share calculation
Lines of code Vulnerability details Impact Vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept 147: shares = convertToSharesassets - feeShares; If feeShares = 0 the first depositor of Vault can...
[M-02] Strategist has full control over Public Vault it can be risky for depositors
Lines of code Vulnerability details Impact The strategist has full control over all key functions. If the strategist is compromised or hacked he will be able to manipulate the vault. For example, increase the depositCap modifyDepositCapuint256 newCap, add a depositor to the whitelist...
TokenggAVAX share price manipulation
Lines of code Vulnerability details Impact Reporting this issue as medium severity as a leak of value. Solmate's ERC4626 convertToShares calculates shares as assets totalSupply / totalAssets. It is possible to exploit this function by depositing 1 wei of asset in exchange 1 share totalSupply = 1...
Early Depositor can DOS Deposits
Lines of code Vulnerability details Impact A malicious, but generous, early depositor can DOS all future deposits. This is accomplished by directly sending aTokens to the AaveV3YieldSource.sol contract after making their first deposit. The amount of aTokens sent to the contract will manipulate th...
Potentially depositing at unfavorable rate since anyone can deposit the entire lenderPool to a known strategy at a pre-fixed time
Lines of code Vulnerability details Impact An attacker could keep track of the totalSupply of each LenderPool to see if it is more than the minBorrowAmount. If so, at startTime, which is pre-announced, the attacker could call start, which will trigger SAVINGSACCOUNT.deposit of the entire pool...
Owner can steal Concur rewards
Lines of code Vulnerability details Impact Owner can steal Concur rewards by adding a depositor and inflating other depositors' assigned balance of the token within the contract. Thus, the owner-managed depositor can get most all but one wei of the created tokens. Tools Used Manual analysis...
[WP-H12] forceUnsponsor() may open a window for attackers to manipulate the _totalShares and freeze users' funds at a certain deposit amount
Handle WatchPug Vulnerability details if force && sponsorAmount totalUnderlying sponsorToTransfer = totalUnderlying; else if !force require sponsorToTransfer totalUnderlying, the contract will transfer totalUnderlying to sponsorToTransfer, even if there are other depositors and totalShares 0. Aft...
[WP-H10] A malicious early user/attacker can manipulate the pps to freeze users' funds at a certain deposit amount
Handle WatchPug Vulnerability details uint256 tokenId = depositors.mint msgSender, amount, claimerId, lockedUntil ; function safeMint address to, uint256 tokenId, bytes memory data internal virtual mintto, tokenId; require checkOnERC721Receivedaddress0, to, tokenId, data, "ERC721: transfer to non...
Anyone can affect deposits of any user and turn the owner of the token
Handle adelamo Vulnerability details Impact On RCTreasury, we have the method collectRentUser. This method is public, so anyone can call it using whatever user and whatever timestamp. So, calling this method using user = XXXXX and timeToCollectTo = typeuint256.max, would make isForecloseduser =...