18 matches found
First depositor will get twice more minted token for the same amount deposited
Lines of code Vulnerability details Impact The initial depositor stands to gain an unfair amount of RSETH tokens compared to later depositors, as a result of the fixed exchange rate of 1 ether when no RSETH supply exists i.e., no minted tokens are available. Consequently, the first deposit will...
Malicious first depositor can steal all funds from all future depositors
Lines of code Vulnerability details Impact Due to a miscalculation in LRTOraclegetRSETHPrice, users who call LRTDepositPooldepositAsset when rsETH.totalSupply is non-zero will receive fewer rsETH tokens than they should due to a rounding error. This can be exploited by a malicious first depositor...
Malicious user can completely prevent all users or users without large funds from staking
Lines of code Vulnerability details Vulnerability Details To prevent the issue with the first-depositor attack donation attack as written in the comments of checkMinShares in StakedUSDe.sol to the staking vault, the checkMinShares function is implemented in the StakedUSDe.sol contract when...
First Depositor Attack is possible by front-running mip00 script execution
Lines of code Vulnerability details Overview The First Depositor Attack Within the context of Compound v2, a First Depositor Attack occurs when an attacker becomes the inaugural minter of a cToken. This enables them to establish the first exchange rate between the underlying asset and the cToken...
FIRST DEPOSITOR ATTACK IS PRESENT IN THE Vault.sol CONTRACT
Lines of code Vulnerability details Impact The Vault.deposit function is vulnerable to first depositor attack. It can be described as follows: A malicious early depositor can deposit with 1 wei of asset token as the first depositor of the Vault, and get 1 wei of shares. Then the first depositor c...
Malicious yield vault owners can manipulate the interaction between the vault and yield vault
Lines of code Vulnerability details Impact Malicious yield vault owners can steal depositor's assets. Proof of Concept yieldVault is the Address of the ERC4626 vault in which assets are deposited to generate yield. After tokens are deposited into the vault, the deposit function of yieldVault is...
Inflation attack in well
Lines of code Vulnerability details Impact The Well.sol contract is vulnerable to a first depositor attack allowing someone to directly send funds to the pool in order to obfuscate the totalSupply and steal funds from the subsequent depositor. Proof of Concept Below is how the attack can be carri...
sfrxETH.ethPerDerivative is incorrect, leading to incorrect minting amount of safETH
Lines of code Vulnerability details SafeETH.stake allows users to stake ETH and be minted an amount of safETH that corresponds to the ETH value of the derivatives that resulted from their deposit. The minting amount is based on: preDepositPrice, which is a function of the total safETH minted and...
Early user can break the minting of LP Tokens
Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for their baseTokenAmount and fractionalTokenAmount deposited if the total baseTokenAmount has been manipulated through a large “donation”. In the...
Code is vulnerable to ERC4626 first depositor shares manipulation exploit
Lines of code Vulnerability details Proof of Concept The normal ERC4626 implementation which is not changed in the repository has a vulnerability which can result in the first depositor stealing every subsequent depositor’s funds. It works like this: 1. Vault is just deployed and Bob deposits jus...
Possible frontrunning attack in Vault.
Lines of code Vulnerability details Impact First depositor will have the control of the vault and drain user funds. Proof of Concept The project uses VaultAccount.sol library for math implementations. To determine the number of shares to mint to a depositor, shares = amount total.shares /...
Early Depositor can DOS Deposits
Lines of code Vulnerability details Impact A malicious, but generous, early depositor can DOS all future deposits. This is accomplished by directly sending aTokens to the AaveV3YieldSource.sol contract after making their first deposit. The amount of aTokens sent to the contract will manipulate th...
User fund stuck
Judge @GalloDaSballo has assessed the 3rd item in QA Report 26 as Medium risk. The relevant finding follows: … Contract: In withdraw function, Funds will stuck if user deposited a amount and then isDepositordepositor is set to false by Admin. Now user cannot withdraw the amount since onlyDeposito...
first depositor can drain other depositors
Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit in LiquidityPool. she deposits 1 basic unit of the token, therefore minting one lp token...
Initial yVault deposit with amount=1 wei causes very expensive share price leading to precision errors and loss of funds
Lines of code Vulnerability details Impact The first depositor into yVault is able to maliciously manipulate the share price by depositing the lowest possible amount 1 wei and then artificially blowing up the yVault token balance. Following depositors will loose their deposited funds due to...
first depositor of the insurance fund can drain the other depositors
Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit to the insurance fund. she deposits 1 basic unit of vusd 10-6 dollar, therefore minting one...
Depositor can reenter contract on claim creation
Handle kenzo Vulnerability details This finding is almost identical to my previous finding "Claimer can reenter contract on claim creation", but in this scenario, the depositor can reenter via Depositors' safeMint function. When depositing, Depositors is minting the token using safeMint, which wi...
global unstreamed value is not updated after stream depositor withdraws an amount
Handle hubble Vulnerability details Impact Value of unstreamed public variable is not correct after stream depositor withdraws an amount before end of the stream. Proof of Concept File :Locke.sol Contract / Function : Stream / withdraw Line : 469 totalVirtualBalance -= virtualBal;...