2 matches found
Malicious user can cause complete loss of function in AxelarAuthWeighted.sol by matching validators and weights to a previous epoch
Lines of code Vulnerability details Impact Complete loss of function for both AxelarAuthWeighted.sol and AxelarGateway.sol Proof of Concept if epochForHashnewOperatorsHash 0 revert SameOperators; AxelarAuthWeighted.soltransferOperatorship reverts in L76 if epochForHashnewOperatorHash != 0. This...
Attacker can empty all the funds by creating fake promotions
Handle WatchPug Vulnerability details The current implementation of calculateRewardAmount allows a arbitrary epochId, which can even be a epochId numberOfEpochs. A malicious user can call claimRewards with epochIds larger than numberOfEpochs and claim other users' rewards. Furthermore, since...