7 matches found
Malicious user can completely prevent all users or users without large funds from staking
Lines of code Vulnerability details Vulnerability Details To prevent the issue with the first-depositor attack donation attack as written in the comments of checkMinShares in StakedUSDe.sol to the staking vault, the checkMinShares function is implemented in the StakedUSDe.sol contract when...
First Depositor Attack is possible by front-running mip00 script execution
Lines of code Vulnerability details Overview The First Depositor Attack Within the context of Compound v2, a First Depositor Attack occurs when an attacker becomes the inaugural minter of a cToken. This enables them to establish the first exchange rate between the underlying asset and the cToken...
FIRST DEPOSITOR ATTACK IS PRESENT IN THE Vault.sol CONTRACT
Lines of code Vulnerability details Impact The Vault.deposit function is vulnerable to first depositor attack. It can be described as follows: A malicious early depositor can deposit with 1 wei of asset token as the first depositor of the Vault, and get 1 wei of shares. Then the first depositor c...
Inflation attack in well
Lines of code Vulnerability details Impact The Well.sol contract is vulnerable to a first depositor attack allowing someone to directly send funds to the pool in order to obfuscate the totalSupply and steal funds from the subsequent depositor. Proof of Concept Below is how the attack can be carri...
sfrxETH.ethPerDerivative is incorrect, leading to incorrect minting amount of safETH
Lines of code Vulnerability details SafeETH.stake allows users to stake ETH and be minted an amount of safETH that corresponds to the ETH value of the derivatives that resulted from their deposit. The minting amount is based on: preDepositPrice, which is a function of the total safETH minted and...
Early user can break the minting of LP Tokens
Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for their baseTokenAmount and fractionalTokenAmount deposited if the total baseTokenAmount has been manipulated through a large “donation”. In the...
Possible frontrunning attack in Vault.
Lines of code Vulnerability details Impact First depositor will have the control of the vault and drain user funds. Proof of Concept The project uses VaultAccount.sol library for math implementations. To determine the number of shares to mint to a depositor, shares = amount total.shares /...