Lucene search
K

10 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.22 views

veOLAS.sol : PointVoting's slope and bias values are reset to zero when depositing for another account.

Lines of code Vulnerability details Impact Since the bias vote weight and slope are reset, the voting power of as user is nullified. Proof of Concept veOLAS.sol is escrow based contract where the OLAs tokens are locked for certain amount of time in order to gain the voting power. This voting powe...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.11 views

Sanctionned funds keep earning APR, and protocol earning fees on these funds

Lines of code Vulnerability details Impact When a user is sanctioned, if he has a scaledBalance not in the withdrawal queue, calling the nukeFromOrbit function will send sanctioned funds to an escrow contract, and these funds will keep earning APR. This is because when a deposit is executed, the...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.9 views

DoS Any Escrow by Frontrunning Creation with a Codehash Change

Lines of code Vulnerability details Impact Any escrow contract can be DoSed by sending a 1 wei transaction to the escrow address that will be created for a user. When an account has no code and has never been interacted with, the codehash will be bytes320. This will result in escrow creation...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.10 views

OFAC sanctioned lender can frontrun nukeFromOrbit with a transfer of his funds

Lines of code Vulnerability details Impact In order to prevent a sanctioned lender for example by OFAC to poison an entire market, a function has been developed to block and transfer the sanctionned user's funds to an escrow contract. This escrow contract can be released if borrower decides so by...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.16 views

_blockAccount doesn’t transfer asset correctly getting portion of funds locked permanently

Lines of code Vulnerability details Description When blockAccount is called and the account that is getting blocked has balance in the market, escrow contract is created and balance of the user is transferred to this contract by updating accounts mapping. When the account is unsanctioned, the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.9 views

Any user can drain the escrow contract by calling decreaseDepositRequest with more amount than they deposited into the escrow while requesting.

Lines of code Vulnerability details Impact In the protocol, users submit deposit requests to the Centrifuge gateway for depositing assets into the Liquidity Pools. There is also a mechanism to decrease this deposit order by calling LiquidityPool::decreaseDepositRequest which decreases their depos...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.10 views

Use the _assetTransferFrom function instead of _assetTransfer. This is because the tokens are held in the escrow contract, rather than being in the destination BYTES address, and thus require a transfer from the escrow contract to the recipient's address

Lines of code Vulnerability details Impact The msg.sender lose his stakedBytes From BYTES address not possible to send stakedBytes to msg.sender. The stakedBytes only help in escrow contract not in BYTES address. Proof of Concept function assetTransfer address asset, address to, uint256 amount...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.11 views

Upgradable escrow contract

Lines of code Vulnerability details Impact Upgradable escrow contract pose great risk to user who approved their NFT to the contract. Most popular token / NFT exchange do not require user approve their asset to admin upgradable contract. This also increase user gas usage because they would have t...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/06 12:0 a.m.11 views

No guarantee sale organizer will fulfil their end of the deal

Lines of code Vulnerability details Impact Sale participants will only be able to claim their CTDL tokens once the sale is finalized. However, there is no guarantee that it ever will be, because: Sale finalisation can only be performed by the owner The owner is able to change the sale parameters...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/16 12:0 a.m.9 views

L1Migrator.migrateLPT` can be used to take away protocol's access to LPT tokens in BridgeMinter

Handle Ruhum Vulnerability details Vulnerability details Impact Same thing as the ETH issue I reported earlier. I wasn't sure if those are supposed to be a single issue or not. The concept is the same. But, now you lose LPT tokens. The L1Migrator.migrateLPT function can be called by anyone. It...

6.7AI score
Exploits0
Rows per page
Query Builder