49 matches found
Upgraded Q -> M from 182 [1655245716777]
Judge has assessed an item in Issue 182 as Medium risk. The relevant finding follows: L-Can send ETH more than buyOption premium required Link. requiremsg.value = premium should be requiremsg.value == premium to prevent user send too much eth. Only beneficiary benefit from this. Contract should...
Usage of deprecated transfer to send ETH
Lines of code Vulnerability details Impact Usage of deprecated transfer Swap can revert. Proof of Concept The original transfer used to send eth uses a fixed stipend 2300 gas. This was used to prevent reentrancy. However this limit your protocol to interact with others contracts that need more th...
LidoVault: Premature return after sending ETH
Lines of code Vulnerability details Details & Impact The require check is performed after exiting the function, meaning that the ETH transfer’s validity check is skipped. This would thus cause invalid withdrawals to be erroneously processed as valid. Recommended Mitigation Steps Swap the require...
ETH transefer is not checked properly
Lines of code Vulnerability details Title ETH transefer is not checked properly Impact Function will return successfully even if the transfer of ETH failed Proof of Concept in smart-contracts/LidoVault.solL141-L142 the function returns before checking that the ETH is sent properly. This may cause...
At LidoVault.sol, _withdrawFromYieldPool()function, ETH transfer return value is not checked
Lines of code Vulnerability details Impact At withdrawFromYieldPool ETH transfer return value is not checked as the return statement at line 141 breaks the return value checking. Proof of Concept function withdrawFromYieldPool address asset, uint256 amount, address to internal override returns...
Payble function allows for Eth transfer even when ERC20 tokens are being used
Lines of code Vulnerability details Impact The function depositCollateral in GeneralVault.sol is payable. This needs to be payable for the case in LidoVault where depositToYeild expects ETH to be transferred. However for the ConvexCurveLPVault.sol and the case when LidoVault is not using Eth as a...
User can call liquidate() and steal all collateral due to arbitrary router call
Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...
Using the native payable.transfer to send ETH in WithdrawFacet
Lines of code Vulnerability details Impact The withdraw function in WithdrawFacet uses the native transfer keyword to send ETH, which is considered unsafe because of the fixed gas budget, and its functionality could be broken in some circumstances: 1. The receiver consumes more than 2300 amounts ...
use of transfer() instead of call() to send eth
Handle JMukesh Vulnerability details Impact Use of transfer might render ETH impossible to withdraw becuase after istanbul hardfork , there is increases in the gas cost of the SLOAD operation and therefore breaks some existing smart contracts.Those contracts will break because their fallback...