Lucene search
K

18 matches found

Code423n4
Code423n4
added 2023/11/15 12:0 a.m.13 views

First depositor will get twice more minted token for the same amount deposited

Lines of code Vulnerability details Impact The initial depositor stands to gain an unfair amount of RSETH tokens compared to later depositors, as a result of the fixed exchange rate of 1 ether when no RSETH supply exists i.e., no minted tokens are available. Consequently, the first deposit will...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.10 views

Malicious first depositor can steal all funds from all future depositors

Lines of code Vulnerability details Impact Due to a miscalculation in LRTOraclegetRSETHPrice, users who call LRTDepositPooldepositAsset when rsETH.totalSupply is non-zero will receive fewer rsETH tokens than they should due to a rounding error. This can be exploited by a malicious first depositor...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/30 12:0 a.m.6 views

Malicious user can completely prevent all users or users without large funds from staking

Lines of code Vulnerability details Vulnerability Details To prevent the issue with the first-depositor attack donation attack as written in the comments of checkMinShares in StakedUSDe.sol to the staking vault, the checkMinShares function is implemented in the StakedUSDe.sol contract when...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.14 views

First Depositor Attack is possible by front-running mip00 script execution

Lines of code Vulnerability details Overview The First Depositor Attack Within the context of Compound v2, a First Depositor Attack occurs when an attacker becomes the inaugural minter of a cToken. This enables them to establish the first exchange rate between the underlying asset and the cToken...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.15 views

FIRST DEPOSITOR ATTACK IS PRESENT IN THE Vault.sol CONTRACT

Lines of code Vulnerability details Impact The Vault.deposit function is vulnerable to first depositor attack. It can be described as follows: A malicious early depositor can deposit with 1 wei of asset token as the first depositor of the Vault, and get 1 wei of shares. Then the first depositor c...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.8 views

Malicious yield vault owners can manipulate the interaction between the vault and yield vault

Lines of code Vulnerability details Impact Malicious yield vault owners can steal depositor's assets. Proof of Concept yieldVault is the Address of the ERC4626 vault in which assets are deposited to generate yield. After tokens are deposited into the vault, the deposit function of yieldVault is...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.12 views

Inflation attack in well

Lines of code Vulnerability details Impact The Well.sol contract is vulnerable to a first depositor attack allowing someone to directly send funds to the pool in order to obfuscate the totalSupply and steal funds from the subsequent depositor. Proof of Concept Below is how the attack can be carri...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.9 views

sfrxETH.ethPerDerivative is incorrect, leading to incorrect minting amount of safETH

Lines of code Vulnerability details SafeETH.stake allows users to stake ETH and be minted an amount of safETH that corresponds to the ETH value of the derivatives that resulted from their deposit. The minting amount is based on: preDepositPrice, which is a function of the total safETH minted and...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.10 views

Early user can break the minting of LP Tokens

Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for their baseTokenAmount and fractionalTokenAmount deposited if the total baseTokenAmount has been manipulated through a large “donation”. In the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.7 views

Code is vulnerable to ERC4626 first depositor shares manipulation exploit

Lines of code Vulnerability details Proof of Concept The normal ERC4626 implementation which is not changed in the repository has a vulnerability which can result in the first depositor stealing every subsequent depositor’s funds. It works like this: 1. Vault is just deployed and Bob deposits jus...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.11 views

Possible frontrunning attack in Vault.

Lines of code Vulnerability details Impact First depositor will have the control of the vault and drain user funds. Proof of Concept The project uses VaultAccount.sol library for math implementations. To determine the number of shares to mint to a depositor, shares = amount total.shares /...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/30 12:0 a.m.13 views

Early Depositor can DOS Deposits

Lines of code Vulnerability details Impact A malicious, but generous, early depositor can DOS all future deposits. This is accomplished by directly sending aTokens to the AaveV3YieldSource.sol contract after making their first deposit. The amount of aTokens sent to the contract will manipulate th...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/28 12:0 a.m.8 views

User fund stuck

Judge @GalloDaSballo has assessed the 3rd item in QA Report 26 as Medium risk. The relevant finding follows: … Contract: In withdraw function, Funds will stuck if user deposited a amount and then isDepositordepositor is set to false by Admin. Now user cannot withdraw the amount since onlyDeposito...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/27 12:0 a.m.10 views

first depositor can drain other depositors

Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit in LiquidityPool. she deposits 1 basic unit of the token, therefore minting one lp token...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.11 views

Initial yVault deposit with amount=1 wei causes very expensive share price leading to precision errors and loss of funds

Lines of code Vulnerability details Impact The first depositor into yVault is able to maliciously manipulate the share price by depositing the lowest possible amount 1 wei and then artificially blowing up the yVault token balance. Following depositors will loose their deposited funds due to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.6 views

first depositor of the insurance fund can drain the other depositors

Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit to the insurance fund. she deposits 1 basic unit of vusd 10-6 dollar, therefore minting one...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/10 12:0 a.m.6 views

Depositor can reenter contract on claim creation

Handle kenzo Vulnerability details This finding is almost identical to my previous finding "Claimer can reenter contract on claim creation", but in this scenario, the depositor can reenter via Depositors' safeMint function. When depositing, Depositors is minting the token using safeMint, which wi...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/07 12:0 a.m.14 views

global unstreamed value is not updated after stream depositor withdraws an amount

Handle hubble Vulnerability details Impact Value of unstreamed public variable is not correct after stream depositor withdraws an amount before end of the stream. Proof of Concept File :Locke.sol Contract / Function : Stream / withdraw Line : 469 totalVirtualBalance -= virtualBal;...

6.9AI score
Exploits0
Rows per page
Query Builder