Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/02/07 12:0 a.m.18 views

Incorrect computation in MultiRewardStaking changeRewardSpeed() leads to loss of rewards

Lines of code Vulnerability details Impact The changeRewardSpeed function computes rewardsEndTimestamp incorrectly for the case block.timestamp block.timestamp ? prevEndTime : block.timestamp.safeCastTo32, rewardsPerSecond, remainder If the prevEndTime block.timestamp then it can be reduced to...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/02 12:0 a.m.8 views

If a new extra reward is added later, existing stakes will not be able to withdraw

Lines of code Vulnerability details Impact When the user stakes token, it iterates over all the extraRewards and adds to the user stake: function stakeuint256 amount public updateRewardmsg.sender returns bool ... //also stake to linked rewards for uint256 i = 0; i extraRewards.length; i++...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.8 views

processYield() and distributeYield() may run out of gas and revert due to long list of extra rewards/yields

Lines of code Vulnerability details Impact Yields will not be able to be distributed to lenders because attempts to do so will revert Proof of Concept The processYield function loops overall of the extra rewards and transfers them File: smart-contracts/ConvexCurveLPVault.sol 1 105 uint256...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.4 views

Adding imbalanced liquidity earns extra rewards

Handle broccoli Vulnerability details Adding imbalanced liquidity earns extra rewards Impact When a user provides liquidity with unbalanced balance. It should be the same as swapping tokens and adding lp. However, the liquidity the users get is calculated as follow: uint256 computed =...

6.9AI score
Exploits0
Rows per page
Query Builder