5 matches found
Lost fees
Lines of code Vulnerability details Impact Buyers do not get any split of the fees. It is instead to be distributed to holders. But holder splits on successive buys are partially lost to the contract and cannot be recovered. Proof of concept The buyer's rewardsLastClaimedValueidmsg.sender is...
Compound charges are sent to GeVault, making them potentially vulnerable to theft
Lines of code Vulnerability details Impact In the previous version, the compound fee would be saved in the TokenisableRange before being deposited into LP, and would be deposited into LP after reaching 1%. After reconstruction, the fees are sent directly to GeVault for distribution through getTVL...
The existence of the tokenID is not validated in distributeFees()
Lines of code Vulnerability details Impact Turnstile contract has distributeFees function which the Canto team/smart contract utilizes to distribute the fees to the tokenID's for the smart contract that is registered through register function. The existence of the tokenID's are checked both in...
[WP-H2] NonUSTStrategy.sol Improper handling of swap fees allows attacker to steal funds from other users
Handle WatchPug Vulnerability details NonUSTStrategy will swap the deposited non-UST assets into UST before depositing to EthAnchor. However, the swap fee is not attributed to the depositor correctly like many other yield farming vaults involving swaps ZapIn. An attacker can exploit it for the sw...
Malicious receiver can make distribute function denial of service
Handle cccz Vulnerability details Impact In the NFTXSimpleFeeDistributor.sol contract, the distribute function calls the sendForReceiver function to distribute the fee function distributeuint256 vaultId external override virtual nonReentrant requirenftxVaultFactory != address0; address vault =...