8 matches found
Malicious feeReceiver or saleReceiver can steal the user's refund ETH by calling the buy function multiple times in LPDA
Lines of code Vulnerability details Impact In the LPDA contract, the fee is transfered to feeReceiver and the totalSale to saleReceiver when newId == temp.finalId, meaning that the amount of tokens that were minted has been reached. However, the call to the internal end function only emits an eve...
batchDepositETHForStaking in GiantMevAndFeesPool.sol can be ticked to steal all ETH in the pool
Lines of code Vulnerability details Impact All Eth can be drained by fake vault addresses. Proof of Concept In batchDepositETHForStaking, stakingFundsVault is checked for its validity through StakingFundsVault sfv = StakingFundsVaultpayablestakingFundsVaulti; require...
batchDepositETHForStaking in GiantSavETHVaultPool.sol can be ticked to steal all ETH in the pool
Lines of code Vulnerability details Impact All Eth can be drained by fake vault addresses. Proof of Concept In batchDepositETHForStaking, savETHVault is checked for its validity through SavETHVault savETHPool = SavETHVaultsavETHVaultsi; require...
A malicious user can steal all the excess balance on the pool by calling the execute function with higher amount than the selling amount
Lines of code Vulnerability details Impact When an order is matched, the Buyer has the option to pay in either ETH, WETH or via the Pool contract. The Exchange smart contract implements a function returnDust which returns the extra ETH to the user, if she overpays. The function is implemented in...
User funds(ETHs) sent along with bulkExecute tx may be stolen by a reentry attack
Lines of code Vulnerability details Impact The funds ETH that users sent along with the bulkExecute may be stolen. Proof of Concept When a buyer send a bulkExecute tx with msg.value 0 with order of buying token with eth, the sent ETH may be stolen if the tx contains a malicious selling order whic...
Recipients Can Steal Remaining ETH from Exchange
Lines of code Vulnerability details Impact This vulnerability allows recipients to reenter the Exchange contract, stealing remaining ETH. When a batch of orders are matched using the bulkExecute method a malicious recipient of assets may reenter the bulkExecute method, stealing ETH that would've...
Seller can steal ETH which is for other orders of the bulk
Lines of code Vulnerability details Impact The 'bulkExecute' and 'returnDust' functions are susceptible to reentrancy attack. Seller can exploit it to steal ETH which is for other orders of the bulk. Proof of Concept Key steps for successful attack 1 set fee rate to 100% 2 reentrancy call...
Add max fee in setFee and emit event
Lines of code Vulnerability details Impact Malicious owner can steal all ETH of a sell. Proof of Concept The function setFeeCallyNFT.sol is critical as it set the amount of ETH that the protocol will receive. A malicious owner can set the fee to 1e18 and all ETH after exercise will go to the owne...