4 matches found
USER WILL SEND TRANSACTION GAS WHICH IS ONLY ENOUGH TO EXECUTE StakedUSDeV2.unstake FUNCTION SUCCESFULLY BUT NOT ENOUGH TO FULLY EXECUTE THE silo.withdraw THUS LOSING ALL USER FUNDS
Lines of code Vulnerability details Impact The StakedUSDeV2.unstake function is used to claim the staking amount after the cooldown period has finished. The unstake function will reset the userCooldown.cooldownEnd and userCooldown.underlyingAmount parameters to 0 for the msg.sender once the cool...
Upgraded Q -> H from #296 [1674743769839]
Judge has assessed an item in Issue 296 as H risk. The relevant finding follows: Lines of code Vulnerability details A malicious liquidator could cause the NFT auction to fail and steal the collateral after end of auction. Impact Anyone can act as a liquidator and trigger the liquidation of the...
ERC20 return values not checked
Lines of code Vulnerability details Impact 'token' is a ERC20 from LPToken.sol The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead...
Unsafe token transfer
Handle WatchPug Vulnerability details Calling ERC20.transfer without handling the returned value is unsafe. function processWithdrawal uint era, uint day, address member private returns uint value uint memberUnits = mapEraDayMemberUnitseradaymember; // Get Member Units if memberUnits == 0 value =...