5 matches found
Upgraded Q -> 2 from #1553 [1698130820647]
Judge has assessed an item in Issue 1553 as 2 risk. The relevant finding follows: 3- Funds not transferred to correct recipient in RdpxDecayingBonds.emergencyWithdraw : Risk : Low The function RdpxDecayingBonds.emergencyWithdraw is used by the admin to pull funds from the contract in case of...
Host can instantly set rageQuitTimestamp and prevent members from rage quitting
Lines of code Vulnerability details Impact A malicious Host can front-run rage-quitting members and setRageQuitTimestamp to a time in the past and disable rageQuit. Proof of Concept Ragequit serves as a protective measure for members of a Party to do an emergency withdrawal of their assets in cas...
Function recoverERC20 in StakingRewards allows an owner to transfer out any token except stakingToken
Judge @GalloDaSballo has assessed the 1st item in QA Report 254 as Medium risk. The relevant finding follows: … Function recoverERC20 in StakingRewards allows an owner to transfer out any token except stakingToken. I see 2 problems with this: 1. It should also forbid transferring of rewardsToken,...
Unable to withdraw if block.number > 32-bit
Handle gzeon Vulnerability details Impact If block.number 32-bit, updateTotalSupplyCheckPoints would revert. updateTotalSupplyCheckPoints is called from mint and burn, which mean withdraw would also revert. Proof of Concept uint32 blockNumber = safe32block.number, "block number exceeds 32 bits";...
Malicious owner can drain the market at any time using SafetyWithdraw
Handle 0xRajeev Vulnerability details Impact The withdrawERC20Token in SafetyWithdraw inherited in TracerPerpetualSwaps is presumably a guarded launch emergency withdrawal mechanism. However, given the trust model where the market creator/owner is potentially untrusted/malicious, this is a...