6 matches found
Routing griefing via ERC-777 operator
Lines of code Vulnerability details Impact Currently, there is no router implemented for private pools in which NFTs are traded against ERC-20 tokens or it is not available in the repository. However, in the future, it is possible that some algorithm on the frontend will look for the optimal path...
claimRewards is not re-entrancy safe.
Lines of code Vulnerability details Impact In MultiRewardStaking the function claimRewards doesn’t have nonReentrant which makes it possible to re-enter the function. If one of the reward tokens in ERC-777 token, it is possible to re-enter and claim the reward again and again until the contract i...
Re-entrancy in MultiRewardStaking.claimRewards
Lines of code Vulnerability details Impact If an ERC-777 token is used as reward token for any Staking contract in the system, that reward token can be completely drained from the Staking contract. Proof of Concept Re-entrancy can be done in the MultiRewardStaking.claimRewards function because of...
MultiRewardStaking claimRewards() reentrancy for ERC-777 reward tokens
Lines of code Vulnerability details Impact A hacker can drain an ERC-777 reward token funds via reentrancy. This is because in the claimRewards function, the transfer of the reward token which triggers the hacker's ERC-777 hook takes place before setting accruedRewardsuserrewardTokensi to zero...
Closing a single credit line can be reentered and allows closing all open credit lines
Lines of code Vulnerability details Closing a single credit line can be reentered and allows decrementing count as many times as needed to reach the value 0. As soon as the value is 0, the status of all credit lines will be updated to LineLib.STATUS.REPAID. Reentrancy is possible by the borrower ...
Missing ReEntrancy Guard to Withdraw function
Lines of code Vulnerability details Impact Missing ReEntrancy Guard to Withdraw function Proof of Concept There is no re-entry risk on true ERC-20 tokens that work according to the spec i.e. audited, etc.. However you can write a malicious ERC-20 with custom transferFrom or approve that have...