Lucene search
K

7 matches found

Code423n4
Code423n4
β€’added 2023/04/09 12:0 a.m.β€’13 views

ETHCrowdfundBase.sol: all funds are lost when fee recipient cannot receive ETH

Lines of code Vulnerability details Impact In the ETHCrowdfundBase contract a fundingSplitRecipient address is configured which receives a percentage of the funds in case the crowdfund is won. Neither the fundingSplitRecipient address nor the fundingSplitBps percentage can be changed. The issue i...

6.5AI score
Exploits0
Code423n4
Code423n4
β€’added 2023/03/26 12:0 a.m.β€’10 views

Upgraded Q -> 2 from #60 [1679803335439]

Judge has assessed an item in Issue 60 as 2 risk. The relevant finding follows: LiquidityPool.sol: If the fee recipient is not set then all LP operations such as deposits and withdrawals will fail. Consider making fee transfers optional depending on whether a fee recipient and percentage is set -...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2023/03/20 12:0 a.m.β€’6 views

set critical parameters like fee recipient in constrctor.

Lines of code Vulnerability details Impact Loss of fee at certain condition. This can happen, when user call deposit function immediately contracts are deployed. Or when admin forget to update the feeReceient address. There are lot of address that admin has to set once the contract is deployed. S...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2023/02/28 12:0 a.m.β€’9 views

Upgraded Q -> 2 from #523 [1677626174331]

Judge has assessed an item in Issue 523 as 2 risk. The relevant finding follows: Title Add function for feeRecipient change in MultiRewardEscrow.sol contract Links to affected code Vulnerability details Impact If account feeRecipient would be compromised, or the protocol owner wants from some oth...

7.1AI score
Exploits0
Code423n4
Code423n4
β€’added 2023/01/30 12:0 a.m.β€’8 views

Malicious user can send the quest reward tokens to the protocol fee contract preventing users from claiming their rewards.

Lines of code Vulnerability details Impact Malicious user can take advantage of the function withdrawFee after the quest end time and successfuly send the quest reward tokens to the protocol fee contract preventing users from claiming their rewards. Proof of Concept Every receipt minted should...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/12/21 12:0 a.m.β€’8 views

function buyAndReduceDebt() spend more underlying token than user specified and also code doesn't check that swapFeeBips is less than BIPS_ONE and user can lose some of his underlying token balance that he gave protocol spending approval

Lines of code Vulnerability details Impact user can specify fee recipient and fee amount to send to that recipient and it is calculated by amount swapFeeBips / BIPSONE but there is no check in the code to make sure swapFeeBips is less than BIPSONE and if user set wrong value by mistake or client...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/11/14 12:0 a.m.β€’8 views

Direct theft of buyers ETH funds.

Lines of code Vulnerability details Impact Most severe issue: A Seller or Fee recipient can steal ETH funds from the buyer when he is making a single or bulk execution. Direct theft of funds. Additional impacts that can be caused by these bugs: 1. Seller or Fee recipient can cause next in line...

7.5AI score
Exploits0
Rows per page
Query Builder