6 matches found
Any extra reward tokens that accumulate in the contract remain locked there permanently.
Lines of code Vulnerability details Impact Funds get locked in contract resulting to Loss of asset control, funds and increased costs to recover fund Proof of Concept Reviewing the list of external and public functions, there is no withdraw or reclaim function: 2. Scanning the contract code, ther...
Well.skim() TRANSACTION CAN BE FRONT RUN BY Well.sync() TRANSACTION THUS MAKING THE Well.skim() CALL INEFFECTIVE
Lines of code Vulnerability details Impact The Well.skim external function is used to transfer the excess tokens held by the well to teh recipient. This is done by calculating the differnce between the contract balance and the reserves for each of the tokens as shown below: skimAmountsi =...
Stealing excess tokens from other users by either front-running skim function or calling it before legitimate user
Lines of code Vulnerability details Impact File /src/interfaces/IWell.sol comment's defines what the skim function is being responsible for: / @notice Sends excess tokens held by the Well to the recipient. @param recipient The address to send the tokens @return skimAmounts The amount of each toke...
Loss of Long tokens when users send excess tokens to pool while minting LP tokens
Lines of code Vulnerability details Impact Protocol currently uses 2 levels of callbacks for minting: Inner Level callback: timeswapV2PoolMintChoiceCallback function in Line 349 of Pool.sol that allows users to choose Long0 and Long1 amounts such that long0 + long1converted based on strike = long...
Users Can Prevent Excess Tokens From Being Withdrawn By The Pool Creator In withdrawExcessRewards()
Lines of code Vulnerability details Impact Because pools will likely never be fully utilised by stakers while active, the following assumption in withdrawExcessRewards can be broken by preventing any receipt withdrawal: requirepool.totalDepositsWei == 0, 'Cannot withdraw until all deposits are...
Recover tokens function will become unusable with reward tokens if they are withdrawn first.
Handle pedroais Vulnerability details Impact The recoverTokens function will become unusable with reward tokens if they are withdrawn first. Proof of Concept With reward tokens excess is defined as balance - rewardTokenAmount + rewardTokenFeeAmount The variable rewardTokenAmount never gets update...