13 matches found
[ADRIRO-NEW-M-05] Rewarder should not be allowed to apply rewards on CVX tokens
Lines of code Vulnerability details Summary The rewarder role should not be allowed to modify the balance of CVX tokens when applying rewards, otherwise the internal CVX balance tracking could get out of sync with major consequences for the protocol. Impact The introduction of internal CVX balanc...
Depositors might lose funds due to the lack of zero share check
Lines of code Vulnerability details Impact Depositors might lose funds due to the lack of checking whether the shares to be minted is equal to zero. When this happens, the assets will be deposited into the vault, but the depositors will receive zero shares. This is independent from the initial...
Interest is not accrued before parameters are updated in SavingsVest
Lines of code Vulnerability details Impact Stablecoin holders can receive wrongly calculated yield in the SavingsVest contract. Also, wrong vesting profit can be slashed when the protocol is under-collateralized. Proof of Concept The SavingsVest contract lets users deposit their stablecoins and...
FIRST DEPOSIT CAN BREAK SHARE CALCULATIONS
Lines of code Vulnerability details Impact Future depositors are forced to pay a huge value of assets to deposit. It is not practically possible for all users. This could directly affect the attrition of users towards this system. Proof of Concept A well-known attack vector for almost all...
JIT(JUST-IN TIME) LIQUIDITY OPPORTUNITIES EXISTS FOR USERS
Lines of code Vulnerability details Impact The MEV opportunity created robs the honest users who deposit before the start of a reward cycle. Leading to loss of rewards for said users. Proof of Concept A user deposits AVAX into tokenggAVAX.sol and in return gets an lp token to represent their...
Upgraded Q -> M from #334 [1671456734920]
Judge has assessed an item in Issue 334 as M risk. The relevant finding follows: Collateral.withdraw allows the manager to withdraw an arbitrary amount of baseToken from Collateral. The only check is in the ManagerWithdrawHook.hook call, where it checks the withdrawal does not drop the amount of...
Users Can Game Yield Distributions
Lines of code Vulnerability details Impact processYield restricts who can call this function to just the vault admin. Upon being processed, the treasury receives its fair share of the yield and the rest is transferred to the YieldManager.sol contract. To distribute yield, the manager calls...
StakedCitadel depositors can be attacked by the first depositor with depressing of vault token denomination
Lines of code Vulnerability details Impact An attacker can become the first depositor for a recently created StakedCitadel contract, providing a tiny amount of Citadel tokens by calling deposit1 raw values here, 1 is 1 wei, 1e18 is 1 Citadel as it has 18 decimals. Then the attacker can directly...
New YVault depositors can be attacked by depressing share decimals
Lines of code Vulnerability details Impact An attacker can become the first depositor for a recently created YVault contract, providing a tiny amount of token by calling deposit1 raw values here, 1 is 1 wei, 1e18 is 1 token if it is 18 decimals. Then the attacker can directly transfer, for exampl...
Owner can lock tokens in MasterChef
Lines of code Vulnerability details Impact Owner can remove a depositor. Since only depositors can deposit and withdraw, the owner may add a contract to the whitelist, let users deposit in the contarct and remove the depositor from the whitelist. Depositor's reward cannot be withdrawn then. And...
Depositors are at mercy of admins to get their funds back
Handle cmichel Vulnerability details When depositors want their funds back and there are not enough funds in the vault or the strategy, the aUST in the BaseStrategy needs to be redeemed. This redemption process is asynchronous due to the nature of EthAnchor and requires an admin to redeem the aUS...
Both _mint and _safeMint are used to mint NFTs
Handle palina Vulnerability details Impact Both mint and safeMint functions are used to mint ERC721 NFTs in Claimers and Depositors, respectively. The usage of the mint is, however, discouraged by the used ERC721 implementation see PoC section, in favor of its safe counterpart. Proof of Concept...
Users Can Reset Bond Depositor's Vesting Period
Handle leastwood Vulnerability details Impact The VaderBond.deposit function overwrites a depositors bond info on each call with the updated payout information. If any of the vesting is left unclaimed before a call to deposit is made, the vesting period is reset to terms.vestingTerm, resulting in...