4 matches found
Unlimited minting of fractional tokens by calling Pair.wrap() multiple times
Lines of code Vulnerability details Impact User can mint an unlimited amount of fractional tokens and break the protocol by selling the tokens. Proof of Concept NFTs can be traded for 1e18 fractional tokens by calling the function wrap. Wrap calls validateTokenIdstokenIds, proofs which in turn ru...
Migration's withdrawContribution ignores the exchange between fractional tokens and ETH happened during Buyout attempt
Lines of code Vulnerability details withdrawContribution aims to return the funds to Migration participants. However, it uses initial userProposalFractionsproposalIdmsg.sender and userProposalEthproposalIdmsg.sender records for withdrawal accounting. Real funds structure is different after Buyout...
fractionPrice precision can be lost if fractional tokens supply is high enough
Lines of code Vulnerability details Buyout's start now determine fractional token price by dividing native tokens amount by total supply number. Whenever the supply is high enough the precision can be lost, leading to severe losses to buyout proposer as his staked fractional tokens can be valued ...
cash share amount calculated incorrectly
Lines of code Vulnerability details Impact When a buyout is successful, token owners can cash out their fractional tokens for ETH. The amount of ETH cashed out buyoutShare is calculated like this L268: uint256 buyoutShare = tokenBalance ethBalance / totalSupply + tokenBalance; with tokenBalance t...