2 matches found
_harvest() performs market swaps without slippage control and is a subject to sandwich attacks
Lines of code Vulnerability details As a result trades happen at a manipulated price and end up receiving fewer tokens than current market price dictates. Placing severity to medium as impact here is a partial fund loss conditional only on big enough asset amount to be swapped: sandwich attacks a...
StakedCitadel depositors can be attacked by the first depositor with depressing of vault token denomination
Lines of code Vulnerability details Impact An attacker can become the first depositor for a recently created StakedCitadel contract, providing a tiny amount of Citadel tokens by calling deposit1 raw values here, 1 is 1 wei, 1e18 is 1 Citadel as it has 18 decimals. Then the attacker can directly...