Lucene search
K

49 matches found

Code423n4
Code423n4
added 2022/06/14 12:0 a.m.8 views

Upgraded Q -> M from 182 [1655245716777]

Judge has assessed an item in Issue 182 as Medium risk. The relevant finding follows: L-Can send ETH more than buyOption premium required Link. requiremsg.value = premium should be requiremsg.value == premium to prevent user send too much eth. Only beneficiary benefit from this. Contract should...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.8 views

Usage of deprecated transfer to send ETH

Lines of code Vulnerability details Impact Usage of deprecated transfer Swap can revert. Proof of Concept The original transfer used to send eth uses a fixed stipend 2300 gas. This was used to prevent reentrancy. However this limit your protocol to interact with others contracts that need more th...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.11 views

LidoVault: Premature return after sending ETH

Lines of code Vulnerability details Details & Impact The require check is performed after exiting the function, meaning that the ETH transfer’s validity check is skipped. This would thus cause invalid withdrawals to be erroneously processed as valid. Recommended Mitigation Steps Swap the require...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.7 views

ETH transefer is not checked properly

Lines of code Vulnerability details Title ETH transefer is not checked properly Impact Function will return successfully even if the transfer of ETH failed Proof of Concept in smart-contracts/LidoVault.solL141-L142 the function returns before checking that the ETH is sent properly. This may cause...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.8 views

At LidoVault.sol, _withdrawFromYieldPool()function, ETH transfer return value is not checked

Lines of code Vulnerability details Impact At withdrawFromYieldPool ETH transfer return value is not checked as the return statement at line 141 breaks the return value checking. Proof of Concept function withdrawFromYieldPool address asset, uint256 amount, address to internal override returns...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/13 12:0 a.m.8 views

Payble function allows for Eth transfer even when ERC20 tokens are being used

Lines of code Vulnerability details Impact The function depositCollateral in GeneralVault.sol is payable. This needs to be payable for the case in LidoVault where depositToYeild expects ETH to be transferred. However for the ConvexCurveLPVault.sol and the case when LidoVault is not using Eth as a...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.13 views

User can call liquidate() and steal all collateral due to arbitrary router call

Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/03/30 12:0 a.m.7 views

Using the native payable.transfer to send ETH in WithdrawFacet

Lines of code Vulnerability details Impact The withdraw function in WithdrawFacet uses the native transfer keyword to send ETH, which is considered unsafe because of the fixed gas budget, and its functionality could be broken in some circumstances: 1. The receiver consumes more than 2300 amounts ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/15 12:0 a.m.17 views

use of transfer() instead of call() to send eth

Handle JMukesh Vulnerability details Impact Use of transfer might render ETH impossible to withdraw becuase after istanbul hardfork , there is increases in the gas cost of the SLOAD operation and therefore breaks some existing smart contracts.Those contracts will break because their fallback...

6.8AI score
Exploits0
Rows per page
Query Builder